Problem with Roles in Jetty
ansonyumo Mar 28, 2002 1:05 PM
Hi,
I am having a problem with Roles and the JBoss 2.4.3 / Jetty 3.1.3 distribution.
We use a custom login module that extends DatabaseServerLoginModule and overrides validatePassword. This works correctly, we see a log message that indicates the user has successfully authenticated via form-based authentication.
However, when JaasSecurityManager.doesUserHaveRole is invoked, it returns false even though the user is a member of the requested role. I have verified this by overriding getRoleSets in our custom LoginModule and sending the roles for the user to the log.
The log follows this message. Here are the highlights:
1) The message "User 'vern1' authenticated" indicates that the user successfully logged in.
2) The message "getRoleSets = 1" is output from the overridden getRoleSets, and indicates the length of the returned array.
3) The message "group = Roles" indicates that the name of the returned Group is "Roles"
4) The message "role = Students org.jboss.security.SimplePrincipal" indicates that the Roles group contains one Principal named Students.
All of this is just verifying that DatabaseServerLoginModule.getRoleSets is behaving correctly.
However, the following log message indicates that the user does not have the Role "Students", which is contrary to the above debug output.
I have delved into the JBoss code a bit to try to determine what is going on here. In org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole, I output a log message to indicate the result of the call to getActiveSubject(). Surprisingly, this is always returning null, even though the user is logged in. doesUserHaveRole then returns false, which would explain the described failure to recognize a user's role.
To make all of this worse, our application works fine using Tomcat / JBoss. I suspect that something is wrong with our jboss-web.xml, web.xml or auth.conf. I had to add a realm-name to the login-config of web.xml in order to get Jetty to authenticate a user; is there some other configuration that Jetty requires but Tomcat ignores?
Or, any other ideas?
Thanks.
Brian Smith
Here is the relevant log output:
[Default SocketListener-4] 2002-03-28 11:40:54,930 User 'vern1' authenticated.
[ilsDB SocketListener-4] 2002-03-28 11:40:54,933 No transaction right now.
[ilsDB SocketListener-4] 2002-03-28 11:40:54,934 Pool ilsDB [1/1/100] gave out pooled object: org.jboss.pool.jdbc.xa.wrapper.XAConnectionImpl@59fb21
[ilsDB SocketListener-4] 2002-03-28 11:40:55,144 Pool ilsDB [0/1/100] returned object org.jboss.pool.jdbc.xa.wrapper.XAConnectionImpl@59fb21 to the pool.
[Default SocketListener-4] 2002-03-28 11:40:55,145 *** getRoleSets = 1
[Default SocketListener-4] 2002-03-28 11:40:55,146 *** group = Roles
[Default SocketListener-4] 2002-03-28 11:40:55,147 *** role = Students org.jboss.security.SimplePrincipal
[Jetty SocketListener-4] 2002-03-28 11:40:55,206 Security- User: vern1 is authenticated
[Jetty SocketListener-0] 2002-03-28 11:40:55,227 Security- User: vern1
[Jetty SocketListener-0] 2002-03-28 11:40:55,228 Security- User: vern1 is NOT in Role: Students
[Jetty SocketListener-0] 2002-03-28 11:40:55,229 Security- User: vern1 is NOT in Role: Teachers
[Jetty SocketListener-0] 2002-03-28 11:40:55,229 Security- User: vern1 is NOT in Role: Admins
[Jetty SocketListener-0] 2002-03-28 11:40:55,230 WARNING: AUTH FAILURE: role for vern1
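One way to work through a log like the one above, as an added example that is not part of the original post or of JBoss/Jetty: parse the lines, record which listener thread reported the authentication and which roles the login module's getRoleSets debug output listed on that thread, and then pair that with every "NOT in Role" denial for the same user. The line format (bracketed category and thread, date, time, message) and the three message patterns are assumed from the posted lines; the sample log below is those lines copied verbatim. Run against them, the correlator reports that "Students" was loaded on SocketListener-4 and denied on SocketListener-0, which is the first thing worth checking before blaming the role data: JaasSecurityManager looks up the active subject for the calling thread, so a role check that runs on a different thread than the login will not see it.

```python
import re
from collections import defaultdict

# Constructed sample: the log lines quoted in the post above, copied verbatim.
SAMPLE_LOG = """\
[Default SocketListener-4] 2002-03-28 11:40:54,930 User 'vern1' authenticated.
[Default SocketListener-4] 2002-03-28 11:40:55,145 *** getRoleSets = 1
[Default SocketListener-4] 2002-03-28 11:40:55,146 *** group = Roles
[Default SocketListener-4] 2002-03-28 11:40:55,147 *** role = Students org.jboss.security.SimplePrincipal
[Jetty SocketListener-4] 2002-03-28 11:40:55,206 Security- User: vern1 is authenticated
[Jetty SocketListener-0] 2002-03-28 11:40:55,227 Security- User: vern1
[Jetty SocketListener-0] 2002-03-28 11:40:55,228 Security- User: vern1 is NOT in Role: Students
[Jetty SocketListener-0] 2002-03-28 11:40:55,229 Security- User: vern1 is NOT in Role: Teachers
[Jetty SocketListener-0] 2002-03-28 11:40:55,229 Security- User: vern1 is NOT in Role: Admins
[Jetty SocketListener-0] 2002-03-28 11:40:55,230 WARNING: AUTH FAILURE: role for vern1
"""

# Assumed line layout: "[<category> <thread>] <date> <time> <message>"
LINE_RE = re.compile(r"^\[(?P<cat>\S+) (?P<thread>\S+)\] (?P<date>\S+) (?P<time>\S+) (?P<msg>.*)$")
# Message patterns assumed from the posted lines
AUTH_RE = re.compile(r"^Security- User: (?P<user>\S+) is authenticated$")
ROLE_RE = re.compile(r"^\*\*\* role = (?P<role>\S+) ")
DENY_RE = re.compile(r"^Security- User: (?P<user>\S+) is NOT in Role: (?P<role>\S+)$")


def parse(log):
    """Split each log line into listener thread and message; skip anything else."""
    return [m.groupdict() for m in map(LINE_RE.match, log.splitlines()) if m]


def correlate(log):
    """For each authenticated user, pair the thread that reported the login (and
    the roles getRoleSets printed on that thread) with every 'NOT in Role'
    denial, and flag denials of a role the login module had actually loaded."""
    roles_by_thread = defaultdict(set)   # thread -> roles printed by getRoleSets
    auth_thread = {}                     # user -> thread that reported authentication
    denials = defaultdict(list)          # user -> [(thread, role), ...]
    for ev in parse(log):
        msg, thread = ev["msg"], ev["thread"]
        if m := ROLE_RE.match(msg):
            roles_by_thread[thread].add(m.group("role"))
        elif m := AUTH_RE.match(msg):
            auth_thread[m.group("user")] = thread
        elif m := DENY_RE.match(msg):
            denials[m.group("user")].append((thread, m.group("role")))

    report = {}
    for user, a_thread in auth_thread.items():
        loaded = roles_by_thread.get(a_thread, set())
        # Denials of a role that the login module did load: the role data is
        # fine, so the subject is not reaching the check that rejected it.
        suspicious = [(t, r) for t, r in denials.get(user, []) if r in loaded]
        report[user] = {
            "auth_thread": a_thread,
            "loaded_roles": sorted(loaded),
            "denials": denials.get(user, []),
            "loaded_role_denied": suspicious,
            # True when such a denial came from a different listener thread
            # than the one that ran the login.
            "cross_thread": any(t != a_thread for t, _ in suspicious),
        }
    return report


if __name__ == "__main__":
    for user, info in correlate(SAMPLE_LOG).items():
        print(user, info)
```

The same correlator can be pointed at a larger server.log; only lines matching the three patterns are counted, so the pool and transaction chatter in between is ignored.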