3 Replies Latest reply on Aug 17, 2003 11:38 AM by claude.glauser

    Authentication exception, principal=null

    ebdr

      Hi,

      I am very new to JBoss and am developing a new application. I am using jboss-3.0.6_tomcat-4.1.18.

      I am authenticating users in the struts LoginAction using the following code:

      LoginForm form = (LoginForm) actionForm;
      String username = form.getUsername();
      String password = form.getPassword();
      try {
          SecurityAssociationHandler handler = new SecurityAssociationHandler();
          Principal user = new SimplePrincipal(username);
          handler.setSecurityInfo(user, password.toCharArray());
          LoginContext loginContext = new LoginContext("samples", (CallbackHandler) handler);
          loginContext.login();
          Subject subject = loginContext.getSubject();
          Set principals = subject.getPrincipals();
          principals.add(user);
      } catch (LoginException e) {
          errors.add("loginerror", new ActionError("Wrong Username or Password"));
          saveErrors(request, errors);

          return mapping.findForward(Constants.ACTION_FAILURE);
      }

      // login succeeded: doing other business logic here

      The login succeeds when I enter the right username and password and fails otherwise, so I know that the login mechanism works. But for some reason, the EJB container does not seem to get the principal...
      Thank you for your help.

      Eric

        • 1. Re: Authentication exception, principal=null
          claude.glauser

          Is your "sample" security domain a client login module? Look for a file called something like
          login....xml in the conf directory of your server directory. The names must match.

          See:

          http://www.luminis.nl/publications/websecurity.html

          • 2. Re: Authentication exception, principal=null
            ebdr

            Hi Claude,

            Sorry for the late response. My sample security domain is specified like this in my login-config.xml:

            <application-policy name = "sample">

            <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
            flag = "required" />

            </application-policy>

            I have defined a username=password and username=role in my password and group files respectively. Is this the proper configuration?

            Thanks again.

            Eric

            • 3. Re: Authentication exception, principal=null
              claude.glauser

              In my case, I use:
              1. (snippet of login-config.xml)

              <!-- Used by clients within the application server VM such as
              mbeans and servlets that access EJBs.
              -->
              <application-policy name = "client-login">

              <login-module code = "org.jboss.security.ClientLoginModule"
              flag = "required">
              </login-module>

              </application-policy>

              and

              <application-policy name = "bbloxDB">

              <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
              <module-option name="dsJndiName">java:/MySqlDS</module-option>
              <module-option name="principalsQuery">select PASSWORD from BBLOXUSERS ID where id=?</module-option>
              <module-option name="rolesQuery">select ROLES, 'Roles' from BBLOXUSERENTITY_ROLES_BBLOXROLEENTITY_USERS where USERS=?</module-option>
              </login-module>

              </application-policy>

              ------------------------
              In the servlet, I use

              LoginContext loginContext = new LoginContext("client-login", (CallbackHandler) handler);


              In the jboss.xml (in META-INF of the EJB jar file) there is an entry saying that the
              "bbloxDB" security domain must be used.

              The client-login module is something like an
              "intermediate" login, which propagates to
              the database login module (my English is
              rather poor).

              Hope this helps.
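
Added example, not part of any post in this thread: a helper that binds the caller's identity to the current thread through the "client-login" policy from reply 3 for the duration of the EJB calls, then unbinds it. `EjbCallerIdentity`, `runAs` and `EjbWork` are hypothetical names, and the JBoss security client classes used in the original post are assumed to be on the classpath.

```java
import java.security.Principal;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.SecurityAssociationHandler;

/** Added example (hypothetical helper, not code from the thread). */
public final class EjbCallerIdentity {

    /** Work that invokes secured EJBs; hypothetical interface. */
    public interface EjbWork {
        Object run() throws Exception;
    }

    private EjbCallerIdentity() {}

    /**
     * Binds username/password to the current thread through the
     * "client-login" policy, runs the EJB calls, then unbinds.
     */
    public static Object runAs(String username, char[] password, EjbWork work)
            throws Exception {
        SecurityAssociationHandler handler = new SecurityAssociationHandler();
        Principal user = new SimplePrincipal(username);
        handler.setSecurityInfo(user, password);

        // ClientLoginModule verifies nothing: login() succeeds for any
        // password. It only records the principal and credential for the
        // EJB invocation layer.
        LoginContext ctx = new LoginContext("client-login", handler);
        ctx.login();
        try {
            // The real check happens here: the container authenticates the
            // propagated identity against the EJB's security domain
            // ("bbloxDB" in reply 3) and rejects a wrong password.
            return work.run();
        } finally {
            // Request threads are pooled; clear the association so the
            // next request on this thread does not inherit this caller.
            try {
                ctx.logout();
            } catch (LoginException ignored) {
                // nothing further to clean up
            }
        }
    }
}
```

Because the "client-login" step accepts any credential, a login form that relies on it alone reports success for a wrong password; the rejection only appears at the first secured EJB call.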