[jboss-user] [JBoss Portal] - Problems in doing JAAS login using code
prassana
do-not-reply at jboss.com
Fri Aug 17 07:48:19 EDT 2007
Hi all,
We have our portal users using Windows NT clients. We want to do auto login for portal users (skip the login page). We have used the jcifs NTLM filter. We are able to authenticate users with this arrangement. However, we were not able to authorize the users.
So we wrote a filter that gets the username and makes a call to the login function. We then set the user principal and subject on SecurityAssociation as shown below.
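    import javax.security.auth.login.LoginContext;
    import javax.security.auth.login.LoginException;
    import org.jboss.security.SecurityAssociation;
    import org.jboss.security.auth.callback.UsernamePasswordHandler;

    // The remote user name is passed as both the user name and the password.
    UsernamePasswordHandler handler = new UsernamePasswordHandler(httpRequest.getRemoteUser(), httpRequest.getRemoteUser().toCharArray());
    LoginContext lgnctx;
    try {
        lgnctx = new LoginContext("portal", handler);
        lgnctx.login();
        System.out.println("Subject:" + lgnctx.getSubject().toString());
        SecurityAssociation.setSubject(lgnctx.getSubject());
        SecurityAssociation.setPrincipal(new UserPrincipal(httpRequest.getRemoteUser()));
        SecurityAssociation.setCredential(httpRequest.getRemoteUser().toCharArray());
    } catch (LoginException e) {
        // error handling is not shown in the original post
    }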
NOTE: we have the user password the same as the user name in the database jbp_users table.
But when some portlets make a call to check for the "admin" role, as in the following code

    req.isUserInRole(ADMIN_ROLE)

it fails even if the logged-in user has the admin role. This happens in a few portlets, such as the role management portlet.
We are not confident about the method we used to set the user subject and principal. Can anyone suggest another method to set the user subject and principal?
I would appreciate it if anyone could suggest other methods for authorization.
My environment is as follows:
JBoss Portal Version : jboss 2.6.1
Did you get Portal from CVS : yes
JBoss AS Version : JBoss AS 4.0.5
Database Vendor and Version : MS SQL server 2005
JDBC Connector : jdbc:jtds:sqlserver
OS Platform : Windows NT
Thanks
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4075173#4075173
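
An added example, not part of the original post and not JBoss Portal code: a request wrapper that answers isUserInRole() from the Subject returned by lgnctx.login(), since the filter above only populates SecurityAssociation and leaves the servlet request itself unchanged. The class name SubjectRoleRequest is hypothetical, and the example assumes that the "portal" login module stores roles in a Group principal named "Roles" (the JBoss login module convention) and that the portlet's role check reaches the wrapped servlet request.

```java
import java.security.Principal;
import java.security.acl.Group;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Hypothetical wrapper: answers role checks from an authenticated JAAS Subject. */
public class SubjectRoleRequest extends HttpServletRequestWrapper {
    private final Principal user;
    private final Set<String> roles;

    public SubjectRoleRequest(HttpServletRequest request, Subject subject, Principal user) {
        super(request);
        this.user = user;
        this.roles = rolesOf(subject);
    }

    /** Collects the member names of every Group principal named "Roles" (assumed convention). */
    static Set<String> rolesOf(Subject subject) {
        Set<String> names = new HashSet<String>();
        for (Group group : subject.getPrincipals(Group.class)) {
            if (!"Roles".equals(group.getName())) {
                continue; // other groups, e.g. "CallerPrincipal", are not role sets
            }
            for (Enumeration<? extends Principal> e = group.members(); e.hasMoreElements();) {
                names.add(e.nextElement().getName());
            }
        }
        return Collections.unmodifiableSet(names);
    }

    @Override public String getRemoteUser() { return user.getName(); }

    @Override public Principal getUserPrincipal() { return user; }

    /** Fails closed: a null role or a role absent from the Subject is never granted. */
    @Override public boolean isUserInRole(String role) {
        return role != null && roles.contains(role);
    }
}
```

In the filter, the wrapper would be built only after lgnctx.login() succeeds and then passed to chain.doFilter() in place of the original request, so that roles always come from a Subject the login module produced.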