[jboss-user] [Security & JAAS/JBoss] - Re: Problem with SPNEGO Negotiation

darran.lofthouse@jboss.com do-not-reply at jboss.com
Thu Jul 31 10:22:40 EDT 2008


I think you need to double check the roles that the user is being associated with. If you have enabled TRACE logging for org.jboss.security, you should see something similar to the following in the server.log after the authentication process has completed:

2008-07-24 21:35:08,768 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
  | 	Principal: darranl@JBOSS.ORG
  | 	Principal: Roles(members:Trader,Users,Banker,ipausers)
  | 	Principal: CallerPrincipal(members:darranl@JBOSS.ORG)
  | , sc=org.jboss.security.SecurityAssociation$SubjectContext@c05c2{principal=A1C423689601B6D6CC7D7682CBFB0525,subject=17368622}
  | 
If you are using the negotiation toolkit this requires the user to have the 'Users' role.

Also, as you are using the UsersRolesLoginModule as the second login module in the chain, verify that the principal name does match the values you are using in the roles properties file. This should be the first principal in the list; in the example above this is 'darranl@jboss.org'.

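The two checks described in the post above (the 'Users' role is present, and the first principal matches an entry in the roles properties file) can be scripted over a server.log excerpt. This is an added example, not part of the original post and not JBoss code: the sample log and roles content are constructed, the function names are hypothetical, and the exact, case-sensitive key comparison is this example's assumption rather than the login module's own lookup logic.

```python
import re

# Constructed sample modelled on the TRACE entry quoted above (not real server output).
SAMPLE_LOG = """\
2008-07-24 21:35:08,768 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
\tPrincipal: alice@EXAMPLE.ORG
\tPrincipal: Roles(members:Trader,Banker)
\tPrincipal: CallerPrincipal(members:alice@EXAMPLE.ORG)
, sc=org.jboss.security.SecurityAssociation$SubjectContext@1a2b3{principal=0123,subject=42}
"""
# Constructed roles properties content; note the realm is written in a different case.
SAMPLE_ROLES = "# roles file\nalice@example.org=Users,Trader\nbob@EXAMPLE.ORG=Users\n"

PRINCIPAL = re.compile(r"^[\s|]*Principal:\s*(.+?)\s*$")  # tolerates a leading "  | "
GROUP = re.compile(r"^(\w+)\(members:(.*)\)$")            # e.g. Roles(members:a,b)

def parse_subjects(log_text):
    """Return one {'name': str|None, 'roles': set} per pushSubjectContext entry."""
    subjects, current = [], None
    for line in log_text.splitlines():
        if "pushSubjectContext" in line:
            current = {"name": None, "roles": set()}
            subjects.append(current)
            continue
        m = PRINCIPAL.match(line)
        if current is None or not m:
            continue
        g = GROUP.match(m.group(1))
        if g and g.group(1) == "Roles":
            current["roles"] = {r for r in g.group(2).split(",") if r}
        elif not g and current["name"] is None:
            current["name"] = m.group(1)  # first plain principal in the list
    return subjects

def roles_file_keys(text):
    """Keys of simple key=value lines; comments and blank lines are skipped."""
    lines = (l.strip() for l in text.splitlines())
    return [l.split("=", 1)[0].strip() for l in lines if l and l[0] not in "#!" and "=" in l]

def check(subject, keys, required="Users"):
    """List the problems the post says to look for; an empty list means none found."""
    problems, name = [], subject["name"]
    if required not in subject["roles"]:
        problems.append(f"missing role {required!r}")
    if name not in keys:  # assumption: exact, case-sensitive comparison
        near = [k for k in keys if k.lower() == (name or "").lower()]
        problems.append(f"no roles entry for {name!r}" + (f"; differs only in case from {near[0]!r}" if near else ""))
    return problems
```

Calling `check(parse_subjects(log_text)[-1], roles_file_keys(roles_text))` reports on the most recent authentication found in the excerpt.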