[jboss-user] [JBoss Portal] - Re: Auto-login on JBoss Portal

sbiwal do-not-reply at jboss.com
Tue Mar 11 22:34:50 EDT 2008 

Thanks a lot.
I was able to successfully create a custom tomcat valve (code attached below). This even allowed automatic login to my user and displayed the default page as "User logged in: ". However I think this user is still not authorized to access anything that is below the /auth access.

When I call the this.container.getRealm().authenticate method in the valve I am forwarded to the JBossSecurityMgrRealm.authenticate method. In this method, the securityCtx object is null and so I just get a null from the function. I think this is the problem why my users are not being authorized.

Can you please shed some light as to where I could be going wrong.

So in short all I have changed in the Jboss AS code is adding this custom valve and changing the server.xml
I have not changed anything in the Jboss Portal code at all.

/*
  |  * JBoss, Home of Professional Open Source.
  |  * Copyright 2006, Red Hat Middleware LLC, and individual contributors
  |  * as indicated by the @author tags. See the copyright.txt file in the
  |  * distribution for a full listing of individual contributors.
  |  *
  |  * This is free software; you can redistribute it and/or modify it
  |  * under the terms of the GNU Lesser General Public License as
  |  * published by the Free Software Foundation; either version 2.1 of
  |  * the License, or (at your option) any later version.
  |  *
  |  * This software is distributed in the hope that it will be useful,
  |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  |  * Lesser General Public License for more details.
  |  *
  |  * You should have received a copy of the GNU Lesser General Public
  |  * License along with this software; if not, write to the Free
  |  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  |  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  |  */
  | package org.jboss.web.tomcat.security;
  | 
  | import java.io.IOException;
  | import java.security.Principal;
  | import java.security.acl.Group;
  | import java.util.ArrayList;
  | import java.util.List;
  | 
  | import javax.security.auth.Subject;
  | import javax.servlet.ServletException;
  | 
  | import org.apache.catalina.connector.Request;
  | import org.apache.catalina.connector.Response;
  | import org.apache.catalina.Context;
  | import org.apache.catalina.Session;
  | 
  | import org.apache.catalina.realm.GenericPrincipal;
  | import org.apache.catalina.valves.ValveBase;
  | import org.jboss.logging.Logger;
  | import org.jboss.security.SecurityAssociation;
  | import org.jboss.security.SimpleGroup;
  | 
  | //import com.sun.security.auth.UserPrincipal;
  | 
  | //import com.sun.security.auth.UserPrincipal;
  | 
  | /** A valve that provides information on the jaas login exception seen in the
  |  SecurityAssociation exception data. The useExceptionAsMsg flag indicates if
  |  the exception message should be set as the http response message. The
  |  exceptionHeader attribute if set is the header name that should be populated
  |  with the exception message.
  |    
  |  @author Scott.Stark at jboss.org
  |  @version $Revision: 57206 $
  |  */
  | public class BasicAuthValve
  |    extends ValveBase
  | {
  |    private static Logger log = Logger.getLogger(BasicAuthValve.class);
  |    private static boolean trace = log.isTraceEnabled();
  | 
  |    /** Should the exception message be used as the request status message */
  |    private boolean useExceptionAsMsg = false;
  |    /** A flag indicating if the auth exception thread local should be cleared */
  |    private boolean clearAuthException = true;
  |    /** The name of the reply header to use to return the exception message */
  |    private String exceptionHeader = null;
  | 
  |    public boolean isUseExceptionAsMsg()
  |    {
  |       return useExceptionAsMsg;
  |    }
  |    public void setUseExceptionAsMsg(boolean useExceptionAsMsg)
  |    {
  |       this.useExceptionAsMsg = useExceptionAsMsg;
  |    }
  | 
  |    public String getExceptionHeader()
  |    {
  |       return exceptionHeader;
  |    }
  |    public void setExceptionHeader(String exceptionHeader)
  |    {
  |       this.exceptionHeader = exceptionHeader;
  |    }
  | 
  |    public void invoke(Request request, Response response)
  |       throws IOException, ServletException
  |    {
  | 		// TODO Auto-generated method stub
  | 		List roles = new ArrayList();
  | 		roles.add("Authenticated");
  | 		roles.add("User");
  | 		roles.add("Admin");
  | 		roles.add("CustomRole"); 
  | 		
  | 		String password = "user";
  | 		String username = "user";
  | 		
  | 		Principal p = this.getContainer().getRealm().authenticate(username, (String)null);
  | 		request.setAuthType("FORM");
  | 		request.setUserPrincipal(new GenericPrincipal(request.getContext().getRealm(), username, password, roles));
  | 
  | 		this.getNext().invoke(request, response);
  | 
  |    }
  |    
  | }
  | 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135811#4135811

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4135811

More information about the jboss-user mailing list