[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut

Marcos_APS do-not-reply at jboss.com
Fri Aug 8 13:29:18 EDT 2008


"ragavgomatam" wrote : There is, I believe, another way: without using FORM authentication, you can use programmatic login (using WebAuthentication). You will have to refer to the documentation for more details. Check out this URL:
  | http://wiki.jboss.org/wiki/WebAuthentication

Hello, ragavgomatam!

I've been testing WebAuthentication, as suggested by you, and I'm getting some good, and also strange, results. Below are some tests that I made (with comments):

Test 1 (with a valid user and password):


  | WebAuthentication authentication = new WebAuthentication();
  | authentication.login("90000005", "1vgd4m");
  | System.out.println(context.getUserPrincipal()); // 90000005
  | System.out.println(context.isUserInRole("USUARIO")); // true
  | System.out.println(context.isUserInRole("ADMINISTRADOR")); // true
  | 		
  | // Session bean method call ok
  | System.out.println(FabricaDados.getInstancia().getLocalizadorCampi().localizarCampi().get(0).getNome()); // 'CRAJUBAR'
  | 		
  | authentication.logout();
  | System.out.println(context.getUserPrincipal()); // null
  | System.out.println(context.isUserInRole("USUARIO")); // false
  | System.out.println(context.isUserInRole("ADMINISTRADOR")); // false
  | 

Test 2 (without a valid user and password):


  | WebAuthentication authentication = new WebAuthentication();
  | authentication.login("90000005abc", "1vgd4mabc");
  | System.out.println(context.getUserPrincipal()); // null
  | System.out.println(context.isUserInRole("USUARIO")); // false
  | System.out.println(context.isUserInRole("ADMINISTRADOR")); // false
  | 		
  | // Session bean method call ok (but why?)
  | System.out.println(FabricaDados.getInstancia().getLocalizadorCampi().localizarCampi().get(0).getNome()); // 'CRAJUBAR'
  | 		
  | authentication.logout();
  | System.out.println(context.getUserPrincipal()); // null
  | System.out.println(context.isUserInRole("USUARIO")); // false
  | System.out.println(context.isUserInRole("ADMINISTRADOR")); // false
  | 

Test 3 (without authentication):


  | // Session bean method call ok (but why? this is very strange)
  | System.out.println(FabricaDados.getInstancia().getLocalizadorCampi().localizarCampi().get(0).getNome()); // 'CRAJUBAR'
  | 

Could you explain why the session bean's method calls are working even with an invalid user and even without authentication?

Thank you.

Marcos

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169664#4169664
