[jboss-user] [JBoss Portal] - Problems with Custom DatabaseServerLoginModule Roles

Bruno Santos do-not-reply at jboss.com
Wed Aug 17 20:20:07 EDT 2011

Bruno Santos [http://community.jboss.org/people/bmsantos] created the discussion

"Problems with Custom DatabaseServerLoginModule Roles"

To view the discussion, visit: http://community.jboss.org/message/621524#621524

OK! My bad... forget about it!

Something rather strange is happening to my custom database login module and I'm sure I'm missing something.

I have a class that inherits from DatabaseServerLoginModule. The login method is overwritten and in here, the parent login method is always called. If the login failed then the class tries to login using LDAP. If LDAP succeeds to validate the user credentials then it sets the loginOk flag to true.

Now, if the user is successfully validated against the parent login DB method the getRoleSets method gets called and the roles returned. If the user fails to be validated against DB but it is successfully validated against the LDAP server, the same roles are returned but somehow I'm never able to get receive it at the other end of the application.

protected Group[] getRoleSets() throws LoginException {
     String name = getUsername();
     Group[] groups = {new SimpleGroup("Roles")};
     try {
          Principal principal;
          principal = this.createIdentity("ADMIN");
           principal = this.createIdentity("USER");
     } catch(Exception ee) {}
     return groups;

So, basically the difference is that if in the login method the super.login() succeeds, then everything ends up working and the necessary credentials are received as expected. If it fails I never get the credentials even though the loginOk flag is set and the getRolesSet method is called. Through the debugger I've noticed that the Identity gets created as expected. Still, I'm missing something...

I've looked for the base source code (DatabaseServerLoginModule and up) but I could not find it for JBoss AS 6 and I'm stuck right now. I did find older versions and from it I could not really understand why this is not working.


--- Update: Just override the commit() method in order to find what the subject.getPrincipals() gets set with and it happens that in both cases the subject does contain the necessary info to proceed:

public boolean commit() throws LoginException {
     boolean b = super.commit();
     Set<Principal> pList = subject.getPrincipals(); // Returns [admin, Roles(members:ADMIN,USER)] for DB login and [bsantos, Roles(members:ADMIN,USER)] for LDAP login.
     return b;

This confirms that the issue is somewhere in a failed login method.

Reply to this message by going to Community

Start a new discussion in JBoss Portal at Community

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20110817/5c7a4638/attachment.html 

More information about the jboss-user mailing list