
List:       jboss-user
Subject:    [JBoss-user] [Security & JAAS/JBoss] - Principal=null after a successful JDBC login and following h
From:       northrop <nukes () jboss ! org>
Date:       2004-10-31 4:04:18
Message-ID: 5015176.1099195458423.JavaMail.jboss () colo-br-02 ! atl ! jboss ! com

Any ideas? I've looked at other posts regarding this same issue and have not been able to solve the problem that the subject and principals are not retained between HTTP requests. In JSPs (or other code - Struts application), a call to request.getUserPrincipal() returns null after a successful login and subsequent requests using the DatabaseServerLoginModule configuration. The login.jsp page is always presented if a restricted page is accessed - even after authentication is passed. If I change web.xml to use BASIC instead of FORM-based authentication, the problem goes away - principals are retained between requests and the login.jsp page is only presented once. In trying to narrow down the problem, it seems that when using DatabaseServerLoginModule for authentication, the credentials are not automatically propagated. I have set up my JBoss 3.2.6 environment like the post:
http://www.javaworld.com/javaforums/showflat.php?Cat=2&Board=JavaSecurity&Number=2500&page=0&view=collapsed&sb=5&o=&fpart=1
The environment consists of WinXP and MySQL:

login-config.xml:
...
    <application-policy name="mcApp">
        <authentication>
            <login-module code="org.jboss.security.ClientLoginModule" flag="required"/>
            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                <module-option name="dsJndiName">java:/MySqlDS</module-option>
                <module-option name="principalsQuery">select password from n_user where user_id=?</module-option>
                <module-option name="rolesQuery">select role 'Roles', RoleGroup 'RoleGroup' from user_roles where user_id=?</module-option>
            </login-module>
        </authentication>
    </application-policy>
...

jboss-web.xml:
<jboss-web>
   <security-domain>java:/jaas/mcApp</security-domain>
</jboss-web>

web.xml:
...
  <security-constraint>
        <web-resource-collection>
            <web-resource-name>admin</web-resource-name>
            <description>Administration Profile</description>
            <url-pattern>/restricted/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>Administration</description>
            <role-name>AdminRole</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
  </security-constraint>
  <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>mcApp</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/badlogin.jsp</form-error-page>
        </form-login-config>
  </login-config>
<!--
  <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>mcApp</realm-name>
  </login-config>
-->
  <security-role>
        <description>Administration</description>
        <role-name>AdminRole</role-name>
  </security-role>
...

LoginAction.java:
...
        try {
            // Hand the submitted username/password to JBoss's JAAS callback handler
            SecurityAssociationHandler handler = new SecurityAssociationHandler();
            SimplePrincipal user = new SimplePrincipal(j_username);
            handler.setSecurityInfo(user, new String(j_password));
            // Log in against the "mcApp" application-policy from login-config.xml
            LoginContext loginContext = new LoginContext("mcApp", (CallbackHandler) handler);
            loginContext.login();
            Subject subject = loginContext.getSubject();
            Set principals = subject.getPrincipals();
            System.out.println("-> LoginAction: Principals:" + principals.toString());
        }
        catch (LoginException e) {
            e.printStackTrace();
            errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("Wrong Username or Password"));
            saveErrors(request, errors);
            return (mapping.getInputForward());
        }
...


View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3853402#3853402
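As an added illustration, and not the poster's own pages, of what the container-managed FORM flow declared in the web.xml above expects: under the Servlet specification the login page posts j_username and j_password to j_security_check, and it is the container, not application code, that runs the JAAS login against the java:/jaas/mcApp domain and caches the authenticated principal in the HTTP session. The contents of login.jsp, the /restricted/index.jsp path and the markup are assumptions for this example.

```jsp
<%-- login.jsp (assumed contents; added example, not the poster's page).
     Declared in web.xml as <form-login-page>. The action name and both
     field names are fixed by the Servlet specification; the container
     intercepts the POST to j_security_check before any servlet or
     Struts action sees it. --%>
<%@ page contentType="text/html" %>
<html>
<body>
  <h2>Sign in</h2>
  <%-- The form is served in place of the protected URL that was requested,
       so a relative action resolves beneath it; the container matches the
       j_security_check suffix of the request path. --%>
  <form method="POST" action="j_security_check">
    <label>User: <input type="text" name="j_username"/></label><br/>
    <label>Password: <input type="password" name="j_password"/></label><br/>
    <input type="submit" value="Login"/>
  </form>
</body>
</html>

<%-- /restricted/index.jsp (assumed path under the /restricted/* constraint):
     a per-request check that the principal survived the login redirect.
     With container-managed login, Principal is non-null and the role check
     is true on this request and on later requests in the same session; a
     null principal here means the container never authenticated this session
     itself, whatever a separately created LoginContext may have done. --%>
<%@ page contentType="text/html" import="java.security.Principal" %>
<%
    Principal p = request.getUserPrincipal();
%>
<html>
<body>
  <p>Principal: <%= (p == null) ? "null" : p.getName() %></p>
  <p>In AdminRole: <%= request.isUserInRole("AdminRole") %></p>
  <p>Session id: <%= session.getId() %></p>
</body>
</html>
```

Requesting /restricted/index.jsp in a fresh session should first show login.jsp, then the restricted page with the principal name and the role result; reloading it should not show login.jsp again while the session cookie is still sent.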





