[jboss-user] [EJB3] - Custom principal is not propagated to ejb session context (resteasy3 + oauth)

Marcel Rovira do-not-reply at jboss.com
Fri Jul 5 04:36:17 EDT 2013


Marcel Rovira [https://community.jboss.org/people/marcel.rovira] created the discussion

"Custom principal is not propagated to ejb session context (resteasy3 + oauth)"

To view the discussion, visit: https://community.jboss.org/message/826545#826545

--------------------------------------------------------------
Hello,

I'm using RESTEasy 3.0.1 Final with OAuth in JBoss 6.1 EAP, and my custom principal class is not propagated to the SessionContext in an EJB3.
OAuth is configured as BearerTokenAuthenticator.

My login-module configuration in standalone.xml to use extended login module

<login-module code="es.gc.epsilon.secure.api.shared.resources.MyDatabaseServerLoginModule" flag="required">
 <module-option name="dsJndiName" value="java:jboss/datasources/EpsilonXADS"/>
 <module-option name="principalsQuery" value="select PASSWORD from EP_USER where name=?"/>
 <module-option name="rolesQuery" value="select ROLE_NAME, 'Roles' from EP_USER_ROLE where USER_NAME = ?"/>
 <module-option name="hashAlgorithm" value="MD5"/>
 <module-option name="hashEncoding" value="base64"/>
 <module-option name="unauthenticatedIdentity" value="guest"/>
</login-module>

My DatabaseServerLoginModule:

public class MyDatabaseServerLoginModule extends DatabaseServerLoginModule {
  @Override
  protected java.security.Principal createIdentity(String username) throws Exception {
    System.out.println("createIdentity BEGIN");
    MyCustomPrincipal p = null;
    if (principalClassName == null) {
      p = new MyCustomPrincipal(username);
    } else {
      p = (MyCustomPrincipal) super.createIdentity(username);
    }
    return p;
  }
...

My custom principal

public class MyCustomPrincipal extends SimplePrincipal implements Serializable {  
  private static final long serialVersionUID = 1L;
  private String tenant;
  public MyCustomPrincipal(String name) {
    super(name);
    // TODO Auto-generated constructor stub
  }
...
  
My oauth server configuration:

*jboss-web.xml*
<jboss-web>
    <security-domain>java:/jaas/jaasEpsilon</security-domain>
    <valve>
        <class-name>org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve</class-name>
    </valve>
</jboss-web>

My api rest configuration project:

*web.xml*
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>jaasEpsilon</realm-name>
</login-config>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>All resources</web-resource-name>
        <description>Protects all resources</description>
        <url-pattern>/api/secure/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
        <role-name>employee</role-name>
    </auth-constraint>
</security-constraint>

<context-param>
    <param-name>resteasy.role.based.security</param-name>
    <param-value>true</param-value>
</context-param>
   
*jboss-deployment-structure*

<jboss-deployment-structure>
    <deployment>
        <dependencies>
            <module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/>
            <module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
            <module name="org.jboss.resteasy.skeleton-key"/>
        </dependencies>
    </deployment>
</jboss-deployment-structure>

*jboss-web.xml*
<jboss-web>
    <valve>
        <class-name>org.jboss.resteasy.skeleton.key.as7.BearerTokenAuthenticatorValve</class-name>
    </valve>
</jboss-web>

From an EJB I extract principal info as

@Resource(name = "sessionContext")
private SessionContext sctx;
...  
Principal principal = sctx.getCallerPrincipal();
 
if (!(principal instanceof MyCustomPrincipal)) {
  System.out.println("I expected a " + MyCustomPrincipal.class.getName() + " but got a "
    + principal.getClass().getName() + " instead !!!!!!");
}

and the result is:
 
I expected a es.gc.epsilon.secure.api.shared.resources.MyCustomPrincipal but got a org.jboss.resteasy.skeleton.key.SkeletonKeyPrincipal instead 

Is this a bug? Is there another way to retrieve the caller principal? Is there any wrong configuration?

Thanks.
--------------------------------------------------------------
