List: jboss-user
Subject: [JBoss-user] [Security & JAAS/JBoss] - Principal=null after a successful JDBC login and following h
From: northrop <nukes () jboss ! org>
Date: 2004-10-31 4:04:18
Message-ID: 5015176.1099195458423.JavaMail.jboss () colo-br-02 ! atl ! jboss ! com
Any ideas? I've looked at other posts regarding this same issue and have not been able to solve the problem that the subject and principals are not retained between HTTP requests. In JSPs (or other code - Struts application), a call to request.getUserPrincipal() returns null after a successful login and subsequent requests using the DatabaseServerLoginModule configuration. The login.jsp page is always presented if a restricted page is accessed - even after authentication is passed. If I change web.xml to use BASIC instead of FORM based for authentication, the problem goes away - principals are retained between requests and the login.jsp page is only presented once. In trying to narrow down the problem, it seems that when using DatabaseServerLoginModule for authentication, the credentials are not automatically propagated.

I have set up my JBoss 3.2.6 environment like the post:
http://www.javaworld.com/javaforums/showflat.php?Cat=2&Board=JavaSecurity&Number=2500&page=0&view=collapsed&sb=5&o=&fpart=1

The environment consists of WinXP and MySQL:

login-config.xml:

    ...
    <application-policy name="mcApp">
      <authentication>
        <login-module code="org.jboss.security.ClientLoginModule" flag="required"/>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
          <module-option name="dsJndiName">java:/MySqlDS</module-option>
          <module-option name="principalsQuery">select password from n_user where user_id=?</module-option>
          <module-option name="rolesQuery">select role 'Roles', RoleGroup 'RoleGroup' from user_roles where user_id=?</module-option>
        </login-module>
      </authentication>
    </application-policy>
    ...

jboss-web.xml:

    <jboss-web>
      <security-domain>java:/jaas/mcApp</security-domain>
    </jboss-web>

web.xml:

    ...
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>admin</web-resource-name>
        <description>Administration Profile</description>
        <url-pattern>/restricted/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <description>Administration</description>
        <role-name>AdminRole</role-name>
      </auth-constraint>
      <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
    </security-constraint>
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>mcApp</realm-name>
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/badlogin.jsp</form-error-page>
      </form-login-config>
    </login-config>
    <!--
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>mcApp</realm-name>
    </login-config>
    -->
    <security-role>
      <description>Administration</description>
      <role-name>AdminRole</role-name>
    </security-role>
    ...

LoginAction.java:

    ...
    try {
        // Programmatic JAAS login against the "mcApp" login configuration
        SecurityAssociationHandler handler = new SecurityAssociationHandler();
        SimplePrincipal user = new SimplePrincipal(j_username);
        handler.setSecurityInfo(user, new String(j_password));
        LoginContext loginContext = new LoginContext("mcApp", (CallbackHandler) handler);
        loginContext.login();
        // Print the principals attached to the authenticated Subject
        Subject subject = loginContext.getSubject();
        Set principals = subject.getPrincipals();
        System.out.println("-> LoginAction: Principals:" + principals.toString());
    }
    catch (LoginException e) {
        e.printStackTrace();
        errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("Wrong Username or Password"));
        saveErrors(request, errors);
        return (mapping.getInputForward());
    }
    ...

View the original post: http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3853402#3853402
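
Added example (not part of the original post, and not JBoss code): a servlet filter that logs, for each request, what the web container itself reports as the authenticated caller, so the FORM and BASIC configurations in the post can be compared request by request. The class name PrincipalTraceFilter and the log format are hypothetical; it uses only the standard javax.servlet API and has to be mapped with a filter and filter-mapping entry in web.xml.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical diagnostic filter (added example); standard Servlet API only.
public class PrincipalTraceFilter implements Filter {
    private FilterConfig config;

    public void init(FilterConfig config) { this.config = config; }
    public void destroy() { this.config = null; }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            config.getServletContext().log(describe((HttpServletRequest) req));
        }
        chain.doFilter(req, res);
    }

    // One log line per request: what the container believes about the caller.
    static String describe(HttpServletRequest r) {
        Principal p = r.getUserPrincipal();   // null: container has no authenticated user
        HttpSession s = r.getSession(false);  // never create a session just to log
        StringBuffer b = new StringBuffer("[auth-trace] ");
        b.append(r.getMethod()).append(' ').append(r.getRequestURI());
        b.append(" authType=").append(r.getAuthType());  // e.g. FORM or BASIC, null if unauthenticated
        b.append(" principal=").append(p == null ? "null" : p.getName());
        b.append(" remoteUser=").append(r.getRemoteUser());
        b.append(" inAdminRole=").append(r.isUserInRole("AdminRole"));
        // A session id that was sent but is no longer valid means the session was
        // lost between requests. The id value itself is deliberately not logged.
        b.append(" sentSessionId=").append(r.getRequestedSessionId() != null);
        b.append(" sentSessionValid=").append(r.isRequestedSessionIdValid());
        b.append(" session=").append(s == null ? "none" : (s.isNew() ? "new" : "existing"));
        return b.toString();
    }
}
```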