[jboss-user] [Security & JAAS/JBoss] - Custom Principal class problem. SessionContext always return
misqu23
do-not-reply at jboss.com
Fri Jul 3 19:04:19 EDT 2009
Hi
I need to store in the principal class not only name of the principal but also id from database. So I have created my own login module which inherits from the jboss DatabaseServerLoginModule. In the method getUsersPassword I also get the id of the user from the db. Here is the code snipet :
| password = rs.getString(1);
| password = convertRawPassword(password);
| if (trace)
| log.trace("Obtained user password");
| Long id = rs.getLong(2);
| if (getIdentity() instanceof SmartOfficePrincipal) {
| log.info("Setting id to the principal");
| ((SmartOfficePrincipal)getIdentity()).setId(id);
| }
|
In login-config.xml I have configured login module to use my own principal implementation.
login-config.xml :
| <application-policy name="smartoffice">
| <authentication>
| <login-module code="org.jboss.security.ClientLoginModule" flag="required">
| <module-option name="restore-login-identity">true</module-option>
| </login-module>
| <login-module code="com.foo.SmartOfficeDatabaseLoginModule" flag="required">
| <module-option name="principalClass">com.foo.SmartOfficePrincipal</module-option>
| <module-option name="dsJndiName">java:/smartofficeDS</module-option>
| <module-option name="principalsQuery">SELECT PASSWORD,ID FROM SMR_USERS_ASSIGN WHERE LOGIN=?</module-option>
| <module-option name="rolesQuery">SELECT ROLES.ROLE, 'Roles' FROM SMR_USER_ROLES AS ROLES,
| SMR_USERS_ASSIGN AS USERS WHERE USERS.LOGIN = ? AND ROLES.
| USER_ID = USERS.ID</module-option>
| <module-option name="hashAlgorithm">MD5</module-option>
| <module-option name="unauthenticatedIdentity">anonymous</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
My principal class :
| public class SmartOfficePrincipal extends SimplePrincipal implements Serializable {
|
| private static final long serialVersionUID = 2079488098348121376L;
|
| private Long id;
|
| public SmartOfficePrincipal(String name) {
| super(name);
| }
|
| public void setId(Long id) {
| this.id = id;
| }
|
| public Long getId() {
| return id;
| }
|
| @Override
| public int hashCode() {
| final int prime = 31;
| int result = super.hashCode();
| result = prime * result + ((id == null) ? 0 : id.hashCode());
| return result;
| }
|
| @Override
| public boolean equals(Object obj) {
| if (this == obj)
| return true;
| if (!super.equals(obj))
| return false;
| if (getClass() != obj.getClass())
| return false;
| SmartOfficePrincipal other = (SmartOfficePrincipal) obj;
| if (id == null) {
| if (other.id != null)
| return false;
| } else if (!id.equals(other.id))
| return false;
| return true;
| }
| }
|
Everything works fine I can login to the application but when I try to get the callerPrincipal from the SessionContext object I get SimplePrincipal instance.
I can't cast to SmartOfficePrincipal.
Also when I try to get principal in the entitylistener using the following statement :
| Principal principal = SecurityAssociation.getPrincipal();
|
I get the instance of SimplePrincipal class. I need user id because in entity listener i would like to set the user who have last modify object or created.
So I don't have to remember to set up this by hand in the code.
Also in my aspects I prefer to use the user id.
What am I doing wrong ?
Thanks a lot.
Martin
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4241774#4241774
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4241774
More information about the jboss-user
mailing list