[jboss-user] [Security & JAAS/JBoss] - Principal from Servlet to EJB not propagating?

forumer do-not-reply at jboss.com
Wed Oct 25 19:01:24 EDT 2006


I need to get a user from a Servlet Request parameter and propagate it to the EJB layer. But it is not happening!

Thanks in advance for your help.

This is the excerpt from login-config.xml. Note that I am using ClientLoginModule:

  |     <application-policy name = "myPolicy">
  |        <authentication>
  |           <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
  |              flag = "required" />
  |              
  |           <login-module code = "org.jboss.security.ClientLoginModule" flag = "required">
  |              <module-option name="password-stacking">useFirstPass</module-option>
  |           </login-module>
  |        </authentication>
  | 
  |     </application-policy>
  | 

This is how I use a LoginContext. The users.properties and roles.properties files in the application archive are being read correctly.


  | 
  | 		CallbackHandler handler = new MyHandler("paramFromRequest");
  | 		LoginContext lc = null;
  | 		try
  | 		{
  | 			lc = new LoginContext("myPolicy", handler);
  | 			lc.login();
  | 			Subject subject = lc.getSubject();
  | 			Set<Principal> principals = subject.getPrincipals();
  | 			for(Principal p: principals)
  | 				{
  | 					log.info("name="+p.getName());
  | 					log.debug("name="+p.getName());
  | 					// JBoss Specific
  | 					if (p instanceof SimpleGroup)
  | 					{
  | 						SimpleGroup sg = (SimpleGroup) p;
  | 						if ("Roles".equals(sg.getName()))
  | 						{
  | 							log.debug("role-name=" + sg.toString());
  | 						}
  | 					}
  | 				}
  | 			
  | 		} catch (LoginException e)
  | 		{
  | 			log.info("authentication failed... But this is just a test; Ignore it");
  | 			e.printStackTrace();
  | 		}
  | 

Here is the handler:


  | 
  | 	// Needs: java.io.IOException and javax.security.auth.callback.*
  | 	class MyHandler implements CallbackHandler
  | 	{
  | 		String name = null;
  | 		public MyHandler(String name){this.name=name;}
  | 		public void handle(Callback[] callbacks) throws IOException,
  | 				UnsupportedCallbackException
  | 		{
  | 			for (int i = 0; i < callbacks.length; i++)
  | 			{
  | 				// Test and cast the element callbacks[i], not the array itself
  | 				if (callbacks[i] instanceof NameCallback)
  | 				{
  | 					NameCallback nc = (NameCallback) callbacks[i];
  | 					nc.setName(name);
  | 				} else if (callbacks[i] instanceof PasswordCallback)
  | 				{
  | 					PasswordCallback pc = (PasswordCallback) callbacks[i];
  | 					pc.setPassword(new char[0]);
  | 				} else
  | 				{
  | 					throw new UnsupportedCallbackException(callbacks[i],
  | 							"Unrecognized Callback");
  | 				}
  | 			}
  | 		}
  | 	}
  | 

Here is the EJB method call that I am expecting to fail, but it succeeds! Calls on "ctx" are commented out because I get "No valid security context for the caller identity" otherwise.


  | 	@RolesAllowed("xxx")
  | 	public List<String> getAllUserGroups()
  | 	{
  | //		Principal callerPrincipal = ctx.getCallerPrincipal();
  | //		if(null == callerPrincipal) log.debug("callerPrincipal is null!");
  | //		else log.debug(callerPrincipal.getName());
  | 		return getAllGroupsAsStrings();
  | 	}
  | 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3980865#3980865

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3980865
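The pattern the post is trying to set up, written out as an added example that is not code from the original post or from JBoss: a servlet-side helper that logs in against the "myPolicy" domain from the login-config.xml above, invokes the EJB on the same thread while the ClientLoginModule association is in place, and always logs out in a finally block so the thread-local caller identity does not leak into the next request handled by that thread. The EJB interface `UserGroupService`, its JNDI name `UserGroupServiceBean/local` and the role name `xxx` are assumptions for illustration; `java.security.acl.Group` is the JDK interface that JBoss's `SimpleGroup` implemented at the time of this post and has since been removed from newer JDKs.

```java
// Added example, not from the original post. Assumes a JBoss 4.x-era
// deployment where ClientLoginModule binds the caller identity to the
// current thread for subsequent EJB calls.
import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;          // present in the JDKs of this era
import java.util.Enumeration;
import java.util.List;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class PropagatingCaller
{
    /** Hypothetical EJB business interface; not part of the original post. */
    public interface UserGroupService
    {
        List<String> getAllUserGroups();
    }

    /** Supplies name and password to whichever login module asks for them. */
    static final class NamePasswordHandler implements CallbackHandler
    {
        private final String name;
        private final char[] password;

        NamePasswordHandler(String name, char[] password)
        {
            this.name = name;
            this.password = password;
        }

        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
        {
            for (Callback cb : callbacks)       // inspect each element, not the array
            {
                if (cb instanceof NameCallback)
                    ((NameCallback) cb).setName(name);
                else if (cb instanceof PasswordCallback)
                    ((PasswordCallback) cb).setPassword(password);
                else
                    throw new UnsupportedCallbackException(cb, "Unrecognized Callback");
            }
        }
    }

    /** True if the Subject's "Roles" group (as populated by UsersRolesLoginModule) contains role. */
    static boolean hasRole(Subject subject, String role)
    {
        for (Group g : subject.getPrincipals(Group.class))
        {
            if (!"Roles".equals(g.getName())) continue;
            Enumeration<? extends Principal> members = g.members();
            while (members.hasMoreElements())
                if (role.equals(members.nextElement().getName())) return true;
        }
        return false;
    }

    /**
     * Log in, call the EJB on the same thread while logged in, then log out.
     * The EJB call must sit between login() and logout(): the identity that
     * ClientLoginModule pushed is what the container sees as the caller.
     */
    public static List<String> callAsUser(String user, char[] password)
        throws LoginException, NamingException
    {
        LoginContext lc = new LoginContext("myPolicy", new NamePasswordHandler(user, password));
        lc.login();
        try
        {
            // Fail early with a readable message; the container's @RolesAllowed check still applies.
            if (!hasRole(lc.getSubject(), "xxx"))
                throw new LoginException(user + " is not in role xxx; the EJB call would be denied");

            // JNDI name is an assumption for this example
            UserGroupService svc =
                (UserGroupService) new InitialContext().lookup("UserGroupServiceBean/local");
            return svc.getAllUserGroups();
        }
        finally
        {
            lc.logout();   // clears the thread-local association set by ClientLoginModule
        }
    }
}
```

Two things worth checking when using this shape: the LoginContext name must match the `application-policy` name exactly ("myPolicy" here), and the password handed to the handler is the one UsersRolesLoginModule validates against users.properties; with `password-stacking` set to `useFirstPass`, ClientLoginModule then reuses that same name and password from the shared state rather than prompting again.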



More information about the jboss-user mailing list