[
https://issues.jboss.org/browse/JBAS-9213?page=com.atlassian.jira.plugin....
]
David Lloyd updated JBAS-9213:
------------------------------
Fix Version/s: 6.1.0
module-option principalClass will be ignored
--------------------------------------------
Key: JBAS-9213
URL:
https://issues.jboss.org/browse/JBAS-9213
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Security
Affects Versions: 6.0.0.Final
Environment: Windows XP
JBoss AS 6.0.0.Final
JavaSE 1.6.0_17
Reporter: Michael Feichtegger
Assignee: Anil Saldhana
Fix For: 6.1.0
I wrote a custom login module and configured it at {{login-config.xml}} as follows:
{code}
<application-policy name="MyRealm">
<authentication>
<login-module code="com.example.MyLoginModule"
flag="required">
<module-option
name="principalClass">com.example.UserPrincipal</module-option>
<module-option name="debug">true</module-option>
</login-module>
</authentication>
</application-policy>
{code}
In a second step I wrote a simple JSF application that performs the login using
{{HttpServletRequest.login()}} that works very well.
Finally I used {{HttpServletRequest.getUserPrincipal()}} to retrieve the custom principal
created during the login process.
On JBoss I'll just get a JBoss internal {{org.jboss.security.SimplePrincipal}} and I
have to use
{{PolicyContext.getContext("javax.security.auth.Subject.container")}} to get the
desired principal.
The custom login module implements {{javax.security.auth.spi.LoginModule}} and is not
derived from {{org.jboss.security.auth.spi.UsernamePasswordLoginModule}} since it should
work on any JavaEE Container.
As far as I understood the specification the element {{<module-option
name="principalClass">}} should be used to achieve this behavior.
--
This message is automatically generated by JIRA.
For more information on JIRA, see:
http://www.atlassian.com/software/jira