[jboss-user] [JBoss Portal] - Re: HTTP Status 500 - No authenticated user while accessing

mathewa do-not-reply at jboss.com
Fri May 15 14:44:25 EDT 2009 

Hi mabimal,

1) your conf/login-config.xml looks okay, and I assume works because your login servlet works?
2) dont change portal-server.war/WEB-INF/jboss-web.xml, instead change the ...ds-xml file in deploy
3) remove your login servlet - that's not the way to do it... if you want to customise your login module then do this:
4) create a new class extending the org.jboss.portal.identity.auth.DBIdentityLoginModule, and in the overridden commit method you will be given a Subject which has .getPrincipals() method that returns not just the current user but also their roles ("Authenticated" should be in there because it's specified in the following line in the login-config.xml file
	<module-option name="additionalRole">Authenticated</module-option>
That role is specified in the portal-server.war/WEB-INF/web.xml here:

  |    <security-constraint>
  |       <web-resource-collection>
  |          <web-resource-name>Authenticated</web-resource-name>
  |          <description></description>
  |          <url-pattern>/auth/*</url-pattern>
  |       </web-resource-collection>
  |       <auth-constraint>
  |          <role-name>Authenticated</role-name>
  |       </auth-constraint>
  |    </security-constraint>
  | 
which basically says anything down the address http://server/portal/auth/... (which includes the dashboard) will require this "Authenticated" UserPrincipal in the Subject.getPrincipals() list.

If you login this way then you can investigate the Subject to find out what roles you have.  I suspect you dont have the "Authenticated" UserPrincipal in the Subject and therefore cannot view anything down the .../auth/...address path.

btw, youll have to put your jar with the new YourDBIdentityLoginModule into the portal sar (or any other deployed sar) so it's on the class path for portal to see it, and change your line in login-config.xml from 
<login-module code = "org.jboss.portal.identity.auth.DBIdentityLoginModule" flag="sufficient">
to:

<login-module code = "xxx.xxx.xxx.YourDBIdentityLoginModule" flag="sufficient">
  | 

Hope this helps,
mat

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4231386#4231386

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4231386

More information about the jboss-user mailing list