-
1. Re: getUserPrincipal() not returning the expected value
baric Jan 8, 2004 4:56 PM (in response to renato0307)Well, I'm having pretty much the same problem, where the Principal put into the CallerPrincipal Group is not the one returned in the JSP when you call request.getUserPrincipal(). Looks like I'm going code diving...
-
2. Re: getUserPrincipal() not returning the expected value
anbenham Jan 9, 2004 3:28 AM (in response to renato0307)Hi,
I have posted the same problem some week ago, and none could help me.
Because JSP´s are handled by the embedded Tomcat, I have tried to find an answer at the tomcat-mailinglists. This is the only answer I got:
"you need a custom Realm
implementation, probably a simple extension of one of the existing Realms
(see the Realm how-to and server.xml for discussion and examples). This
realm will create your custom principal object.
"
The problem is that the embedded Tomcat doesn´t have a server.xml.
So I am afraid we need an answer from the JBOss-Specialisits.
Hope a.s.a.p
Yours -
3. Re: getUserPrincipal() not returning the expected value
anbenham Jan 9, 2004 4:09 AM (in response to renato0307)I don´t think it´s a Tomcat Problem, because the given Principal is a SimplePrincipal, which is a jboss Class. So JBoss didn´t do the right work.did it?
-
4. Re: getUserPrincipal() not returning the expected value
baric Jan 9, 2004 5:15 AM (in response to renato0307)"anbenham" wrote:
I don't think it's a Tomcat Problem, because the given Principal is a SimplePrincipal, which is a jboss Class.
Exactly. Somewhere Tomcat and JBoss are talking to each other and JBoss seems to be providing the operational environment identity as opposed to the create application identity, as it does in EJB's. So the question is why this difference and how to fix it? -
5. Re: getUserPrincipal() not returning the expected value
wdrai Jan 9, 2004 9:11 AM (in response to renato0307)The problem is in the jboss tomcat integration :
You will ALWAYS get a SimplePrincipal in getUserPrincipal().
Here is a part of the authentication code in JBossSecurityMgrRealm :
public Principal authenticate(String username, String credentials)
{
...
// Get the JBoss security manager from the ENC context
AuthenticationManager securityMgr = (AuthenticationManager) securityCtx.lookup("securityMgr");
principal = new SimplePrincipal(username);
char[] passwordChars = null;
if( credentials != null )
passwordChars = credentials.toCharArray();
if( securityMgr.isValid(principal, passwordChars) )
{
category.log(XLevel.TRACE, "User: "+username+" is authenticated");
SecurityAssociation.setPrincipal(principal);
SecurityAssociation.setCredential(passwordChars);
}
else
{
principal = null;
category.log(XLevel.TRACE, "User: "+username+" is NOT authenticated");
}
...
return principal;
}
I think the LoginModule is called by securityMgr.isValid but the resulting LoginContext is never used. -
6. Re: getUserPrincipal() not returning the expected value
ben.alex Mar 6, 2004 8:57 PM (in response to renato0307)Hi everyone. I came across the same issue whilst writing a security adapter for JBoss (www.acegi.com.au/security). You'll find the following will work:
import java.security.Principal; import java.util.Iterator; import javax.naming.InitialContext; import javax.naming.NamingException; import javax.security.auth.Subject; import javax.servlet.http.HttpServletRequest; import au.com.acegi.springsecurity.Authentication; import au.com.acegi.springsecurity.adapters.AbstractMvcIntegrationInterceptor; /** * Populates a {@link SecureContext} from JBoss' * <code>java:comp/env/security/subject</code>. * * <p>See {@link AbstractMvcIntegrationInterceptor} for further information. * * @author Ben Alex * @version $Id: JbossMvcIntegrationInterceptor.java,v 1.2 2004/03/02 23:27:08 balex Exp $ */ public class JbossMvcIntegrationInterceptor extends AbstractMvcIntegrationInterceptor { public Object extractFromContainer(HttpServletRequest request) { Subject subject = null; try { InitialContext ic = new InitialContext(); subject = (Subject) ic.lookup("java:comp/env/security/subject"); } catch (NamingException ne) { if (super.logger.isDebugEnabled()) super.logger.warn("Lookup on Subject failed " + ne.getLocalizedMessage()); } if (subject != null && subject.getPrincipals() != null) { Iterator principals = subject.getPrincipals().iterator(); while (principals.hasNext()) { Principal p = (Principal) principals.next(); if (super.logger.isDebugEnabled()) super.logger.debug("Found Principal in container (" + p.getClass().getName() + ") : " + p.getName()); if (p instanceof Authentication) return p; } } return null; } }
-
7. Re: getUserPrincipal() not returning the expected value
starksm64 Mar 7, 2004 10:03 AM (in response to renato0307)A custom principal is used in the tomcat layer as of 3.2.4RC1 is the login module provides a group named CallerPrincpal that contains the custom principal.