[jboss-jira] [JBoss JIRA] Commented: (EJBTHREE-1756) EJB3: EJBContext getCallerPrincipal does not see the custom principal
Bryant Bunderson (JIRA)
jira-events at lists.jboss.org
Wed May 13 17:13:49 EDT 2009
[ https://jira.jboss.org/jira/browse/EJBTHREE-1756?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12467380#action_12467380 ]
Bryant Bunderson commented on EJBTHREE-1756:
--------------------------------------------
JBoss is losing the custom principal. I have attached some example code that demonstrates the problem. It is based on the Wiki article "http://www.jboss.org/community/wiki/UsingCustomPrincpalsWith".
The attributes of the custom principal must be available to the bean but aren't. Instead an instance of SimplePrincipal is returned. Like so...
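{code}
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
// @SecurityDomain is the JBoss-specific annotation; its package depends on the JBoss release.

@SecurityDomain("custom-domain")
@RolesAllowed({"custom-role"})
@Stateless
public class CustomServiceBean implements CustomService {
    @Resource
    private SessionContext context;

    public String getItem() {
        // Expected: the CustomPrincipal created by CustomLoginModule.
        Principal principal = (Principal) context.getCallerPrincipal();
        if (!(principal instanceof CustomPrincipal)) {
            return "I expected a " + CustomPrincipal.class.getName() +
                    " but got a " + principal.getClass().getName() + " instead!";
        }
        return ((CustomPrincipal) principal).getCustomAttribute();
    }
}
{code}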
The custom principal looks like this...
{code}
import java.security.Principal;

public class CustomPrincipal implements Principal {
    private String name;
    private String customAttribute;

    public CustomPrincipal(String name) {
        this.name = name;
        this.customAttribute = "";
    }

    public CustomPrincipal(String name, String customAttribute) {
        this.name = name;
        this.customAttribute = customAttribute;
    }

    public String getName() {
        return name;
    }

    // The extra attribute the bean needs to read from the caller principal.
    public String getCustomAttribute() {
        return customAttribute;
    }

    @Override
    public boolean equals(Object o) {
        if (this == o) return true;
        if (o == null || getClass() != o.getClass()) return false;
        CustomPrincipal that = (CustomPrincipal) o;
        if (!customAttribute.equals(that.customAttribute)) return false;
        if (!name.equals(that.name)) return false;
        return true;
    }

    @Override
    public int hashCode() {
        int result = name.hashCode();
        result = 31 * result + customAttribute.hashCode();
        return result;
    }

    @Override
    public String toString() {
        return "CustomPrincipal{" +
                "name='" + name + '\'' +
                ", customAttribute='" + customAttribute + '\'' +
                '}';
    }
}
{code}
There is also a custom login handler to set the attributes of the custom principal...
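{code}
import java.security.Principal;
import java.security.acl.Group;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

public class CustomLoginModule extends UsernamePasswordLoginModule {
    private String allowedUsername;
    private String allowedPassword;
    private String allowedRole;
    private CustomPrincipal caller;

    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
        super.initialize(subject, callbackHandler, sharedState, options);
        // Single allowed user, password and role, read from the module options in login-conf.xml.
        allowedUsername = (String) options.get("username");
        allowedPassword = (String) options.get("password");
        allowedRole = (String) options.get("role");
    }

    @Override
    public boolean login() throws LoginException {
        if (super.login()) {
            // Build the custom principal once the password check has passed.
            String username = getUsername();
            String customAttribute = "Hello, world!";
            caller = new CustomPrincipal(username, customAttribute);
            return true;
        }
        return false;
    }

    @Override
    protected Principal getIdentity() {
        // Prefer the custom principal; fall back to the superclass identity before login completes.
        Principal identity = caller;
        if (identity == null) {
            identity = super.getIdentity();
        }
        return identity;
    }

    @Override
    protected String getUsersPassword() throws LoginException {
        String username = getUsername();
        if (username.equalsIgnoreCase(allowedUsername)) {
            return allowedPassword;
        }
        // Unknown user: note that an empty expected password compares equal to an empty submitted one.
        return "";
    }

    @Override
    protected Group[] getRoleSets() throws LoginException {
        try {
            Group roles = new SimpleGroup("Roles");
            Group callerPrincipal = new SimpleGroup("CallerPrincipal");
            roles.addMember(new SimplePrincipal(allowedRole));
            // The "CallerPrincipal" group carries the principal the container should hand to the bean.
            callerPrincipal.addMember(caller);
            Group[] groups = {roles, callerPrincipal};
            return groups;
        }
        catch (Exception e) {
            throw new LoginException(e.toString());
        }
    }
}
{code}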
Finally the following is added to the login-conf.xml file for the instance of the app server...
{code}
<application-policy name="custom-domain">
    <authentication>
        <login-module code="org.jebkids.auth.CustomLoginModule"
                      flag="required">
            <module-option name="principalClass">org.jebkids.auth.CustomPrincipal</module-option>
            <module-option name="username">harpo</module-option>
            <module-option name="password">marx</module-option>
            <module-option name="role">custom-role</module-option>
        </login-module>
    </authentication>
</application-policy>
{code}
> EJB3: EJBContext getCallerPrincipal does not see the custom principal
> ---------------------------------------------------------------------
>
> Key: EJBTHREE-1756
> URL: https://jira.jboss.org/jira/browse/EJBTHREE-1756
> Project: EJB 3.0
> Issue Type: Bug
> Components: Security
> Reporter: Anil Saldhana
> Assignee: Anil Saldhana
>
> Forum thread reports a case where custom principal in the Login Module is not being propagated to the EJBContext getCallerPrincipal.
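A diagnostic for the mismatch reported above, as an added example that is not part of the original message or the JBoss code base: given a JAAS Subject, it finds the principal the login module placed in the "CallerPrincipal" group and compares its class with the one the bean received. The `Named`, `Custom` and `ListGroup` classes and the sample Subject are constructed stand-ins; it assumes a JDK that still ships `java.security.acl.Group`, and how the Subject is obtained inside the container is outside its scope.

```java
import java.security.Principal;
import java.security.acl.Group;
import java.util.*;
import javax.security.auth.Subject;

public class CallerPrincipalCheck {
    /** First member of the Subject's "CallerPrincipal" group, or null if there is none. */
    static Principal committedCaller(Subject subject) {
        for (Group group : subject.getPrincipals(Group.class)) {
            if ("CallerPrincipal".equals(group.getName())) {
                Enumeration<? extends Principal> members = group.members();
                if (members.hasMoreElements()) return members.nextElement();
            }
        }
        return null;
    }

    /** True when the bean received a principal of the class the login module committed. */
    static boolean sameType(Principal seenByBean, Subject subject) {
        Principal committed = committedCaller(subject);
        return committed != null && committed.getClass() == seenByBean.getClass();
    }

    // Constructed stand-ins so the example runs without JBoss on the classpath.
    static class Named implements Principal {
        private final String name;
        Named(String name) { this.name = name; }
        public String getName() { return name; }
    }
    static class Custom extends Named { Custom(String n) { super(n); } }
    static class ListGroup extends Named implements Group {
        private final List<Principal> members = new ArrayList<Principal>();
        ListGroup(String name) { super(name); }
        public boolean addMember(Principal p) { return members.add(p); }
        public boolean removeMember(Principal p) { return members.remove(p); }
        public boolean isMember(Principal p) { return members.contains(p); }
        public Enumeration<? extends Principal> members() { return Collections.enumeration(members); }
    }

    public static void main(String[] args) {
        Subject subject = new Subject();               // constructed sample Subject
        ListGroup caller = new ListGroup("CallerPrincipal");
        caller.addMember(new Custom("harpo"));
        subject.getPrincipals().add(caller);
        System.out.println("committed: " + committedCaller(subject).getClass().getSimpleName());
        System.out.println("plain principal matches:  " + sameType(new Named("harpo"), subject));
        System.out.println("custom principal matches: " + sameType(new Custom("harpo"), subject));
    }
}
```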