[jboss-jira] [JBoss JIRA] Commented: (JBPORTAL-1779) SynchronizingLoginModule prevents access to Dashboard
Boleslaw Dawidowicz (JIRA)
jira-events at lists.jboss.org
Wed Dec 12 14:02:07 EST 2007
[ http://jira.jboss.com/jira/browse/JBPORTAL-1779?page=comments#action_12391829 ]
Boleslaw Dawidowicz commented on JBPORTAL-1779:
-----------------------------------------------
Be aware that there were also a few synchronizing module fixes:
Modified: branches/JBoss_Portal_Branch_2_6/core/src/main/org/jboss/portal/core/model/portal/PortalObjectPermission.java
===================================================================
--- branches/JBoss_Portal_Branch_2_6/core/src/main/org/jboss/portal/core/model/portal/PortalObjectPermission.java 2007-11-23 11:32:48 UTC (rev 9080)
+++ branches/JBoss_Portal_Branch_2_6/core/src/main/org/jboss/portal/core/model/portal/PortalObjectPermission.java 2007-11-23 12:07:22 UTC (rev 9081)
@@ -22,7 +22,6 @@
******************************************************************************/
package org.jboss.portal.core.model.portal;
-import org.jboss.portal.identity.auth.UserPrincipal;
import org.jboss.portal.security.PortalPermission;
import org.jboss.portal.security.PortalPermissionCollection;
import org.jboss.portal.security.PortalSecurityException;
@@ -30,6 +29,7 @@
import javax.security.auth.Subject;
import java.security.Permission;
+import java.security.Principal;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
@@ -273,7 +273,7 @@
caller != null &&
thisPath.getLength() < thatPath.getLength())
{
- Set tmp = caller.getPrincipals(UserPrincipal.class);
+ Set tmp = caller.getPrincipals();
if (tmp.size() > 0)
{
Iterator i1 = thisPath.names();
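Review bot: at `Set tmp = caller.getPrincipals();` the set is no longer limited to user principals, so the `tmp.size() > 0` guard on the next line now passes for a Subject that carries any principal at all, including ones that only represent roles or groups. If the guard is meant to establish that there is a user identity to work with, filter the set before testing its size (for example, skip role-container principals), and add a comment stating which principal types are expected here.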
@@ -292,7 +292,7 @@
//
Iterator i = tmp.iterator();
- UserPrincipal user = (UserPrincipal)i.next();
+ Principal user = (Principal)i.next();
String userName = user.getName();
//
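Review bot: `Principal user = (Principal)i.next();` takes whichever principal the iterator returns first, and with the unfiltered `getPrincipals()` set from the previous hunk nothing in these lines guarantees that this is the user's identity rather than another principal a login module attached; `userName` is then read from it. Suggest selecting the principal explicitly (loop over the set and skip non-user entries) instead of relying on iteration order, and documenting which principal is expected to carry the user name.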
> SynchronizingLoginModule prevents access to Dashboard
> -----------------------------------------------------
>
> Key: JBPORTAL-1779
> URL: http://jira.jboss.com/jira/browse/JBPORTAL-1779
> Project: JBoss Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Portal Security
> Affects Versions: 2.6.2 Final
> Environment: Pentium 3 - 2GB memory - 20 GB of Free Space
> Windows XP Professional Service Pack 2
> JBoss Portal 2.6.2 + JBoss AS 4.2.1 Bundle
> Reporter: Guy M. Spillman, Jr.
> Assigned To: Boleslaw Dawidowicz
> Fix For: 2.6.3 Final
>
>
> Users who authenticate using an additional login module after the IdentityLoginModule get the following HTTP error when clicking on their Dashboard link:
> HTTP Status 403 -
> --------------------------------------------------------------------------------
> type Status report
> message
> description Access to the specified resource () has been forbidden.
> --------------------------------------------------------------------------------
> JBossWeb/2.0.0.GA
> Users who login with the IdentityLoginModule (such as the default user & admin usernames) will see their Dashboard content without problems.
> Problem was discovered using JaasLounge (http://jaaslounge.sourceforge.net/) NTLMLoginModule, but can be duplicated using JBoss' UsersRolesLoginModule.
> This problem was originally discussed in the following thread, but seems to be a different problem since it can be duplicated using JBoss code only.
> http://www.jboss.com/index.html?module=bb&op=viewtopic&t=119733
> Configuration:
> ${jboss.server.home.dir}\deploy\jboss-portal.sar\conf\login-config.xml:
> Code:
> <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
>    <module-option name="unauthenticatedIdentity">guest</module-option>
>    <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
>    <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
>    <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
>    <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
>    <module-option name="additionalRole">Authenticated</module-option>
>    <module-option name="password-stacking">useFirstPass</module-option>
> </login-module>
> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required" />
> <login-module code="org.jboss.portal.identity.auth.SynchronizingLoginModule" flag="optional">
>    <module-option name="synchronizeIdentity">true</module-option>
>    <module-option name="synchronizeRoles">false</module-option>
>    <module-option name="additionalRole">Authenticated</module-option>
>    <module-option name="defaultAssignedRole">User</module-option>
>    <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
>    <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
>    <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
>    <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
> </login-module>
> ${jboss.server.home.dir}\conf\defaultRoles.properties:
> Code:
> testuser=test
> testuser2=test2
> ${jboss.server.home.dir}\conf\defaultUsers.properties:
> Code:
> testuser=testrole1,testrole2
> testuser2=testrole3,testrole4
> Procedure:
> 1. Log in as testuser/test.
> 2. Click Dashboard link.
> The HTTP Status 403 error described above will be displayed.
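The principal lookup touched by the patch above, as an added illustration that is not code from JBoss Portal or from this thread: it compares a lookup filtered by the portal's own principal type, a "first principal of any type" lookup, and one that skips role containers explicitly. `PortalUser`, `ExternalUser` and `RoleGroup` are hypothetical stand-ins, and the Subject contents are constructed.

```java
import java.security.Principal;
import java.util.Optional;
import javax.security.auth.Subject;

public class DashboardPrincipalDemo {
    // Constructed stand-ins for illustration; none of these are JBoss Portal classes.
    static class Named implements Principal {
        private final String name;
        Named(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
    static class PortalUser extends Named { PortalUser(String n) { super(n); } }     // plays the role of UserPrincipal
    static class ExternalUser extends Named { ExternalUser(String n) { super(n); } } // added by a non-portal login module
    static class RoleGroup extends Named { RoleGroup(String n) { super(n); } }       // role container

    // Lookup filtered by the portal's own principal type.
    static Optional<String> byPortalType(Subject s) {
        return s.getPrincipals(PortalUser.class).stream().findFirst().map(Principal::getName);
    }

    // First principal of any type, whatever it happens to be.
    static Optional<String> firstOfAny(Subject s) {
        return s.getPrincipals().stream().findFirst().map(Principal::getName);
    }

    // Explicit selection: ignore role containers, accept any other principal type.
    static Optional<String> firstNonGroup(Subject s) {
        return s.getPrincipals().stream()
                .filter(p -> !(p instanceof RoleGroup))
                .findFirst().map(Principal::getName);
    }

    public static void main(String[] args) {
        // Constructed Subject: a role container was attached before the user principal.
        Subject subject = new Subject();
        subject.getPrincipals().add(new RoleGroup("Roles"));
        subject.getPrincipals().add(new ExternalUser("testuser"));

        System.out.println("filtered by portal type: " + byPortalType(subject));
        System.out.println("first of any type:       " + firstOfAny(subject));
        System.out.println("first non-group:         " + firstNonGroup(subject));
    }
}
```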