My basic problem is that I've got Seam successfully using JAAS for authentication,
however the logged-in principal is not showing up on the backend; instead I'm getting
the "unauthenticatedIdentity" principal.
JBoss 4.0.5
Seam 1.2.1
I've configured JBoss to use the DatabaseServerLoginModule as such:
| <application-policy name = "tfdRealm">
|   <authentication>
|     <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
|       <module-option name = "unauthenticatedIdentity">guest</module-option>
|       <module-option name = "dsJndiName">java:/TFDDB</module-option>
|       <module-option name = "principalsQuery">select password from user where username=?</module-option>
|       <module-option name = "rolesQuery">select r.rolename,'Roles' from role r, user u, roleuser ru where r.roleid = ru.roleid and u.userid = ru.userid and u.username = ?</module-option>
|     </login-module>
|   </authentication>
| </application-policy>
|
My components.xml contains this:
| <component name="org.jboss.seam.security.identity" jaas-config-name="tfdRealm" />
|
My login.xhtml is:
| <body>
|   <h:messages />
|   <h:form>
|     <table border="0">
|       <tr><td>Username:</td><td><h:inputText value="#{identity.username}" /></td></tr>
|       <tr><td>Password:</td><td><h:inputSecret value="#{identity.password}" /></td></tr>
|       <tr><td><h:commandButton value="Login" action="#{identity.login}" /></td></tr>
|     </table>
|   </h:form>
| </body>
|
(extra XML declaration stuff omitted).
Note that I have not implemented an authenticator. Clicking the login button uses the
configured policy in JBoss and everything seems to work (valid user/pass logs in,
invalid does not).
I have a session bean as follows:
| @Stateless
| @Name("todoManager")
| @SecurityDomain("tfdRealm")
| public class StatlessTodoAccess implements TodoAccess,TodoAccessRemote
| {
|     @PersistenceContext(unitName="tfd")
|     private EntityManager itsEntityManager;
|
|     @Resource
|     private SessionContext itsContext;
|
|     @Factory("allTodos")
|     public List<Todo> getAllTodos()
|     {
|         org.apache.log4j.Logger logger = org.apache.log4j.Logger.getLogger(getClass().getName());
|
|         Principal caller = itsContext.getCallerPrincipal();
|         String username = caller.getName();
|         logger.info("caller was " + username);
|
|         Query query = itsEntityManager.createQuery("select u from User u where u.username=:username");
|         query.setParameter("username",username);
|
|         try
|         {
|             User user = (User)query.getSingleResult();
|             logger.info("user has " + user.getTodos().size() + " todos");
|             return user.getTodos();
|         }
|         catch (NoResultException e)
|         {
|             logger.error("No results for " + username,e);
|             return new ArrayList<Todo>();
|         }
|
|     }
| }
|
accessed via
| <body>
|   <f:view>
|     <f:verbatim>
|       <h2>To F'n Do</h2>
|       Add New: <input type="text" />
|     </f:verbatim>
|     <br />
|     <f:subview id="allTodos">
|       <h:dataTable value="#{allTodos}" var="todo">
|         <h:column><b><h:outputText value="#{todo.description}" /></b></h:column>
|       </h:dataTable>
|     </f:subview>
|   </f:view>
| </body>
|
The caller principal returned by getCallerPrincipal() is "guest" and not the
username I used to log in.
I'm a bit confused by this; how can I get the EJBs to see my login (and, where did the
principal/subject created by my successful login go?)
I've read a previous thread on the subject and I was extremely confused. I downloaded
two examples that claim to show JAAS working with Seam; however, one was outdated and the
other didn't contain any code. I couldn't find any info in either to help with my
problem.