1. Re: JAAS Authorization
jarikr Jul 24, 2003 6:32 PM (in response to pkrishna)
Hi,
apparently you haven't assigned any role to your principal "Eric"? E.g. when you are using the UserRolesLoginModule, did you define a roles.properties besides the users.properties? Or did you use the unauthenticatedprincipal tag?
2. Re: JAAS Authorization
pkrishna Jul 25, 2003 4:00 PM (in response to pkrishna)
Hello:
I appreciate you responding to my query. Let me give you a little more detail. I am using a custom login module called DatabaseRoleLoginModule, which is supposed to query the database and map the role to the user. Here is the snippet of the entries:
<application-policy name = "OciSRP">
  <login-module code = "org.jboss.security.srp.jaas.SRPCacheLoginModule"
                flag = "required">
    <module-option name = "cacheJndiName">srp/AuthenticationCache</module-option>
  </login-module>
  <login-module code = "com.ociweb.jmx.jaas.srp.DatabaseRoleLoginModule"
                flag = "required">
    <module-option name = "dsJndiName">java:/security</module-option>
    <module-option name = "rolesQuery">"SELECT Roles.name, 'Roles' FROM Roles,GroupRoles,Groups,UserGroups,Users WHERE Roles.id=GroupRoles.roleID AND GroupRoles.groupID=Groups.id AND UserGroups.groupID=Groups.ID AND UserGroups.userID=Users.id AND Users.username=?"</module-option>
    <module-option name="password-stacking">useFirstPass</module-option>
  </login-module>
</application-policy>
Here is the snippet of the ejb-jar.xml:
<method-permission>
  <ejb-name>CatalogMgrBean</ejb-name>
  <method-name>create</method-name>
  <ejb-name>UserMgrBean</ejb-name>
  <method-name>create</method-name>
</method-permission>
The jboss.xml contains an entry:
<security-domain>java:/jaas/OciSRP</security-domain>
The client application calls the create method of the CatalogMgr and that's when the exception is thrown. Since the permission for this method is unchecked, anybody should be able to call the create method.
I also put some print statements in the custom login module. There is a method called getRoleSets. This method does not get called.
Does this information help?
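For reference, the standard EJB 2.0 layout of an unchecked method permission next to a role-restricted one, as an added example that is not part of the original posts. The bean names and `create` methods are taken from the post above; the `CatalogAdmin` role and the `remove` entry are hypothetical.

```xml
<!-- Added illustration: assembly descriptor section of ejb-jar.xml (EJB 2.0).
     CatalogAdmin and the remove entry are hypothetical; the bean names
     and the create methods are the ones from the post. -->
<assembly-descriptor>
  <security-role>
    <role-name>CatalogAdmin</role-name>
  </security-role>

  <!-- Unchecked: no role check is applied to these methods. -->
  <method-permission>
    <unchecked/>
    <method>
      <ejb-name>CatalogMgrBean</ejb-name>
      <method-intf>Home</method-intf>
      <method-name>create</method-name>
    </method>
    <method>
      <ejb-name>UserMgrBean</ejb-name>
      <method-intf>Home</method-intf>
      <method-name>create</method-name>
    </method>
  </method-permission>

  <!-- Role-checked: the caller must hold the CatalogAdmin role. -->
  <method-permission>
    <role-name>CatalogAdmin</role-name>
    <method>
      <ejb-name>CatalogMgrBean</ejb-name>
      <method-intf>Home</method-intf>
      <method-name>remove</method-name>
    </method>
  </method-permission>
</assembly-descriptor>
```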
3. Re: JAAS Authorization
jarikr Jul 29, 2003 9:07 AM (in response to pkrishna)
Hi again,
well, the exception that has been thrown shows that the principalrole is null - it should just be empty, like principalRoles=[]. I don't know - maybe there is a problem in your LoginModule. Have you tried the UserRolesLoginModule?
4. Re: JAAS Authorization
pkrishna Jul 31, 2003 5:31 PM (in response to pkrishna)
Yes, I tried UsersRoleLoginModule and it seems to work on two different examples I tried. Since I had downloaded this login module, I am not sure if it has been properly implemented. Based on the documentation, this was supposed to work on JBoss 2.x. What I was trying was to port it to JBoss 3.x and I ran into these problems.