1. Re: Storing user info with a custom login module
stask Dec 29, 2002 12:35 AM (in response to m_sarti)
You can do the same, i.e. create a custom Principal implementation. You'll need to have the following in your Subject:
1. Group "Roles" with all roles inside.
2. Group "CallerPrincipal" with the user Principal inside.
request.getUserPrincipal() in a servlet should return the object that you've stored in the "CallerPrincipal" group in the Subject.
The same for EJB, context.getCallerPrincipal() will return the object.
Hope this helps.
2. Re: Storing user info with a custom login module
m_sarti Dec 29, 2002 5:51 AM (in response to m_sarti)
Thanks for your answer!
I read this in the documentation; in fact I tried to do this in the MyLoginModule.getRoleSets() implementation. It didn't work, but after reading your message I probably know why.
MyLoginModule is a subclass of UsernamePasswordLoginModule; this ancestor populates the Subject in its commit() method and ignores any Group other than "Groups". Obviously I made the implementation in the wrong place.
Now I'm going to overload the commit() method.
Thank you!
Marco
3. Re: Storing user info with a custom login module
m_sarti Dec 29, 2002 12:39 PM (in response to m_sarti)
Hi...
About this, I have implemented a do-nothing MyLoginModule; this module simply implements the Login interface and has a login() method that always returns true.
In the commit() method, I have coded as follows:
----
Set principals = subject.getPrincipals();
Group gr = new SimpleGroup("Roles");
gr.addMember(new MyPrincipal("Tester"));
principals.add(gr);
gr = new SimpleGroup("CallerPrincipal");
gr.addMember(new MyPrincipal(username));
principals.add(gr);
----
MyPrincipal is a custom implementation of the Principal interface; this class should store some user information (note that the above implementation is only for experimental testing, please do not consider the nonsense...).
Now, in my servlet/JSP I expect that a call to getUserPrincipal() returns a MyPrincipal object... but it doesn't. It returns an org.jboss.security.SimplePrincipal.
I would like to know if the technique I'm trying to set up is correct. My intention is to load some additional user info during login and store it in <some places> (I supposed in the Principal object, as I did with standalone Tomcat) so that web objects can access it.
Thanks again...
Marco
4. Re: Storing user info with a custom login module
stask Dec 31, 2002 2:59 AM (in response to m_sarti)
Hi Marco, below is the commit() function from my login module.
Basically two differences:
1. I'm adding the principal to the root level of the subject too (i.e. it's in the root level and inside roles).
2. The "Roles" group contains role groups which contain the principal. I.e. if you have a role called "Users", you have to create the group "Users", add your principal to it and then add the group to the "Roles" group.
-----------------
public boolean commit() throws LoginException {
    if (logger.isDebugEnabled()) {
        logger.debug(">>> commit()");
    }
    if (loginOK) {
        // The user principal itself, at the root level of the Subject
        subject.getPrincipals().add(identity);
        // "Roles" group, filled with the principals returned by getRoles()
        QRolePrincipal roles = new QRolePrincipal("Roles");
        Vector rolesVec = getRoles(identity);
        for (int i = 0; i < rolesVec.size(); i++) {
            Principal principal = (Principal) rolesVec.elementAt(i);
            roles.addMember(principal);
        }
        subject.getPrincipals().add(roles);
        // "CallerPrincipal" group, holding only the user principal
        QRolePrincipal callerPrincipal = new QRolePrincipal("CallerPrincipal");
        callerPrincipal.addMember(identity);
        subject.getPrincipals().add(callerPrincipal);
    }
    if (logger.isDebugEnabled()) {
        logger.debug("<<< commit()");
    }
    return loginOK;
}
-----------------
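Added example, not part of any post in this thread and not JBoss code: a plain-JDK sketch of the Subject layout built by the commit() method above, with a read-back check that fails when the member of the "CallerPrincipal" group is not the custom principal type. UserPrincipal and NamedGroup are hypothetical stand-ins for MyPrincipal and for SimpleGroup/QRolePrincipal, and the user data is constructed.

```java
import java.security.Principal;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;

public class SubjectLayoutCheck {
    /** Hypothetical custom principal carrying extra user data loaded at login. */
    static final class UserPrincipal implements Principal {
        final String name, email;
        UserPrincipal(String name, String email) { this.name = name; this.email = email; }
        @Override public String getName() { return name; }
    }

    /** Hypothetical stand-in for a group principal such as SimpleGroup or QRolePrincipal. */
    static final class NamedGroup implements Principal {
        final String name;
        final Set<Principal> members = new LinkedHashSet<>();
        NamedGroup(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    /** Populates the Subject with the same three entries as the commit() method above. */
    static void populate(Subject subject, UserPrincipal identity, List<String> roleNames) {
        subject.getPrincipals().add(identity);              // identity at the root level
        NamedGroup roles = new NamedGroup("Roles");
        for (String r : roleNames) roles.members.add(new NamedGroup(r)); // one entry per role name
        subject.getPrincipals().add(roles);
        NamedGroup caller = new NamedGroup("CallerPrincipal");
        caller.members.add(identity);                        // the object callers should get back
        subject.getPrincipals().add(caller);
    }

    /** Returns the first member of the "CallerPrincipal" group, or null if it is missing or empty. */
    static Principal callerPrincipal(Subject subject) {
        for (NamedGroup g : subject.getPrincipals(NamedGroup.class))
            if ("CallerPrincipal".equals(g.getName()) && !g.members.isEmpty())
                return g.members.iterator().next();
        return null;
    }

    public static void main(String[] args) {
        Subject subject = new Subject();
        // Constructed sample user and role
        populate(subject, new UserPrincipal("marco", "marco@example.test"), List.of("Tester"));
        Principal p = callerPrincipal(subject);
        if (!(p instanceof UserPrincipal))                   // wrong type means the extra data is lost
            throw new IllegalStateException("caller principal is "
                    + (p == null ? "missing" : p.getClass().getName()));
        System.out.println(p.getName() + " <" + ((UserPrincipal) p).email + ">");
    }
}
```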
5. Re: Storing user info with a custom login module
aweissman Feb 13, 2003 4:28 PM (in response to m_sarti)
When you retrieve the principal in your JSP, are you retrieving a QRolePrincipal? How are you making the retrieval?