[jboss-user] [Security & JAAS/JBoss] - Principal from Servlet to EJB not propagating?
forumer
do-not-reply at jboss.com
Wed Oct 25 19:01:24 EDT 2006
I need to get a user from a Servlet Request parameter and propagate it to the EJB layer. But it is not happening!
Thanks in advance for your help.
This is the excerpt from login-config.xml. Note that I am using ClientLoginModule:
| <application-policy name="myPolicy">
|     <authentication>
|         <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
|                       flag="required" />
|
|         <login-module code="org.jboss.security.ClientLoginModule" flag="required">
|             <module-option name="password-stacking">useFirstPass</module-option>
|         </login-module>
|     </authentication>
| </application-policy>
|
This is how I use a LoginContext. The users.properties and roles.properties files in the application archive are being read correctly.
|
| import java.security.Principal;
| import java.util.Set;
| import javax.security.auth.Subject;
| import javax.security.auth.callback.CallbackHandler;
| import javax.security.auth.login.LoginContext;
| import javax.security.auth.login.LoginException;
| import org.jboss.security.SimpleGroup;
|
| CallbackHandler handler = new MyHandler("paramFromRequest");
| LoginContext lc = null;
| try
| {
|     lc = new LoginContext("myPolicy", handler);
|     lc.login();
|     Subject subject = lc.getSubject();
|     Set<Principal> principals = subject.getPrincipals();
|     for (Principal p : principals)
|     {
|         log.info("name=" + p.getName());
|         log.debug("name=" + p.getName());
|         // JBoss specific: roles are carried in a SimpleGroup named "Roles"
|         if (p instanceof SimpleGroup)
|         {
|             SimpleGroup sg = (SimpleGroup) p;
|             if ("Roles".equals(sg.getName()))
|             {
|                 log.debug("role-name=" + sg.toString());
|             }
|         }
|     }
| } catch (LoginException e)
| {
|     log.info("authentication failed... But this is just a test; Ignore it");
|     e.printStackTrace();
| }
|
Here is the handler:
|
| import java.io.IOException;
| import javax.security.auth.callback.Callback;
| import javax.security.auth.callback.CallbackHandler;
| import javax.security.auth.callback.NameCallback;
| import javax.security.auth.callback.PasswordCallback;
| import javax.security.auth.callback.UnsupportedCallbackException;
|
| class MyHandler implements CallbackHandler
| {
|     String name = null;
|
|     public MyHandler(String name) { this.name = name; }
|
|     public void handle(Callback[] callbacks) throws IOException,
|             UnsupportedCallbackException
|     {
|         for (int i = 0; i < callbacks.length; i++)
|         {
|             // Test and cast the element, callbacks[i], not the array itself.
|             if (callbacks[i] instanceof NameCallback)
|             {
|                 NameCallback nc = (NameCallback) callbacks[i];
|                 nc.setName(name);
|             } else if (callbacks[i] instanceof PasswordCallback)
|             {
|                 PasswordCallback pc = (PasswordCallback) callbacks[i];
|                 pc.setPassword(new char[0]); // no password is available here; an empty one is handed back
|             } else
|             {
|                 throw new UnsupportedCallbackException(callbacks[i],
|                         "Unrecognized Callback");
|             }
|         }
|     }
| }
|
Here is the EJB method call that I am expecting to fail but which succeeds! Calls on "ctx" are commented out because I get "No valid security context for the caller identity" otherwise.
| import java.util.List;
| import javax.annotation.Resource;
| import javax.annotation.security.RolesAllowed;
| import javax.ejb.SessionContext;
|
| @Resource
| private SessionContext ctx; // declared here so the fragment compiles; injected by the container
|
| @RolesAllowed("xxx")
| public List<String> getAllUserGroups()
| {
|     // Principal callerPrincipal = ctx.getCallerPrincipal();
|     // if (null == callerPrincipal) log.debug("callerPrincipal is null!");
|     // else log.debug(callerPrincipal.getName());
|     return getAllGroupsAsStrings();
| }
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3980865#3980865
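Added example (the editor's, not the poster's code and not a JBoss API): a stand-alone Java 11+ program that does what the servlet code above is trying to do, with the pieces a container would otherwise supply stubbed in memory. It assumes an InMemoryLoginModule over a constructed user table in place of UsersRolesLoginModule, a RolesGroup principal named "Roles" in place of org.jboss.security.SimpleGroup (java.security.acl.Group, which SimpleGroup implements, has been removed from current JDKs), a programmatic Configuration in place of the login-config.xml "myPolicy" entry, and a CallbackHandler that indexes callbacks[i]. The isCallerInRole method is the decision a @RolesAllowed("xxx") interceptor has to make; applied to the Subject it denies the caller who lacks the role, which is the outcome the post expects from the EJB call. The module also rejects an empty password instead of letting it through.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class RoleCheckDemo {
    // Constructed stand-in for users.properties / roles.properties (assumed sample data, not real accounts).
    static final Map<String, String> PASSWORDS = Map.of("alice", "s3cret", "bob", "hunter2");
    static final Map<String, Set<String>> ROLES = Map.of("alice", Set.of("xxx", "user"), "bob", Set.of("user"));

    /** Caller identity principal. */
    public static final class NamePrincipal implements Principal {
        private final String name;
        public NamePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        public String toString() { return name; }
    }

    /** Role container named "Roles" (the JBoss convention); stands in for org.jboss.security.SimpleGroup. */
    public static final class RolesGroup implements Principal {
        private final Set<String> roles;
        public RolesGroup(Set<String> roles) { this.roles = Set.copyOf(roles); }
        public String getName() { return "Roles"; }
        public boolean isMember(String role) { return roles.contains(role); }
        public String toString() { return "Roles" + new TreeSet<>(roles); }
    }

    /** Answers the module's callbacks; each element is tested and cast as callbacks[i], never the array itself. */
    public static final class FixedHandler implements CallbackHandler {
        private final String name; private final char[] password;
        public FixedHandler(String name, char[] password) { this.name = name; this.password = password; }
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof NameCallback) ((NameCallback) callbacks[i]).setName(name);
                else if (callbacks[i] instanceof PasswordCallback) ((PasswordCallback) callbacks[i]).setPassword(password);
                else throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
            }
        }
    }

    /** Minimal JAAS module: checks the password, then commits a name principal and a "Roles" group to the Subject. */
    public static class InMemoryLoginModule implements LoginModule {
        private Subject subject; private CallbackHandler handler; private String user;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; handler = h; }
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] { nc, pc }); }
            catch (IOException | UnsupportedCallbackException e) { throw new LoginException("callback failed: " + e); }
            String expected = PASSWORDS.get(nc.getName());
            char[] given = pc.getPassword(); pc.clearPassword();
            // Constant-time compare; an empty password, as the post's handler supplies, is rejected here.
            if (expected == null || given == null || !MessageDigest.isEqual(expected.getBytes(UTF_8), new String(given).getBytes(UTF_8)))
                throw new FailedLoginException("bad user or password");
            user = nc.getName(); return true;
        }
        public boolean commit() {
            if (user == null) return false;
            subject.getPrincipals().add(new NamePrincipal(user));
            subject.getPrincipals().add(new RolesGroup(ROLES.getOrDefault(user, Set.of())));
            return true;
        }
        public boolean abort() { user = null; return true; }
        public boolean logout() { subject.getPrincipals().clear(); user = null; return true; }
    }

    /** Programmatic equivalent of the <application-policy name="myPolicy"> entry, so no login-config.xml is needed. */
    static void installConfiguration() {
        Configuration.setConfiguration(new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                if (!"myPolicy".equals(name)) return null;
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        InMemoryLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, Map.of()) };
            }
        });
    }

    /** The decision a @RolesAllowed(role) interceptor must make: does the caller's "Roles" group contain role? */
    public static boolean isCallerInRole(Subject subject, String role) {
        for (Principal p : subject.getPrincipals()) if (p instanceof RolesGroup && ((RolesGroup) p).isMember(role)) return true;
        return false;
    }

    public static Subject login(String user, char[] password) throws LoginException {
        LoginContext lc = new LoginContext("myPolicy", new FixedHandler(user, password));
        lc.login(); return lc.getSubject();
    }

    public static void main(String[] args) throws Exception {
        installConfiguration();
        Subject alice = login("alice", "s3cret".toCharArray());
        Subject bob = login("bob", "hunter2".toCharArray());
        System.out.println("alice " + alice.getPrincipals() + " allowed xxx: " + isCallerInRole(alice, "xxx"));
        System.out.println("bob   " + bob.getPrincipals() + " allowed xxx: " + isCallerInRole(bob, "xxx")); // bob lacks xxx: deny
        try { login("alice", new char[0]); } catch (LoginException e) { System.out.println("empty password: " + e.getMessage()); }
    }
}
```

Compile and run with `javac RoleCheckDemo.java && java RoleCheckDemo`. The caveat the post runs into is that a JAAS login performed in the servlet only establishes who the caller is; deciding whether that caller may invoke getAllUserGroups() is the container's job, and the container's @RolesAllowed interceptor only runs for a bean that is bound to a security domain (in JBoss, through @SecurityDomain or the jboss.xml security-domain element). Without that binding the annotation is not enforced and SessionContext.getCallerPrincipal() has no security context to report.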