jaas jsp login problem
inkypinky Apr 8, 2004 11:23 AMHi,
I'm using the Tomcat server which comes with jboss. I'm having a problem with jboss login using jaas via jsp. I successfully manage to login using jaas. The "System.out.println(userPrincipalName);" in the jsp snippet returns "test", all well and good so far. This then calls getUser() in the ejb snippet at the bottom of this mail. The "System.out.println(ctx.getCallerPrincipal().getName());" called in the ejb snippet below returns "nobody" though.
I'm not sure if the system is only logging the user into Tomcat or if it is because there are no <method-permission> tags in the ejb-jar.xml. I don't need security for my beans yet but for ctx.getCallerPrincipal() to work does the bean need a method permission tag with unchecked instead of a role name? If the system is only logging the user into Tomcat is there a way to pass this login info on?
Can this be done at all or does the login have to happen on the ejb side of the code rather than in the jsp? I would have thought that it would work on the jsp side as it is calling a login-module defined in jboss's login-config.xml
Any help would be much appreciated.
Thanks in advance,
Neil Mendoza
--------------------------------------jsp snippet---------------------- String user="test"; String pass="test"; try { UsernamePasswordHandler handler = new UsernamePasswordHandler(user, pass.toCharArray()); LoginContext loginContext = new LoginContext("ias-login", handler); loginContext.login(); try { String userPrincipalName = ((Principal) loginContext.getSubject().getPrincipals().iterator().next()).getName(); if (userPrincipalName == null) System.out.println("name is null!"); else System.out.println(userPrincipalName); UserValue userValue = UserManagerUtil.getLocalHome().create().getUser(); session.setAttribute("myUserValue", userValue); %> <jsp:forward page="./index.jsp?action=workspace" /> <% } catch (javax.ejb.FinderException e) { errorMessage = "The login details you entered were valid with jaas but not with ias."; } } catch (javax.security.auth.login.LoginException e) { errorMessage = "The login details you entered were not valid."; } -----------------------------------end of jsp------------------------------ ------------------------ejb snippet-------------------------------- /** * Get the "logged-in" user from the caller principal * * @return The logged-in user. * @ejb.interface-method view-type="both" * @ejb.transaction type="Required" **/ public UserValue getUser() throws FinderException { try { UserLocalHome cHome = UserUtil.getLocalHome(); System.out.println(ctx.getCallerPrincipal().getName()); UserLocal ul = cHome.findByUserName(ctx.getCallerPrincipal().getName()); return (UserValue) ul.getUserValue(); } catch ( NamingException ne ) { throw new EJBException("An error occurred while connecting to the Application Server.", ne ); } } --------------------------end of ejb-----------------------------------