4 Replies Latest reply on Jul 14, 2004 4:48 PM by ceasaros

    ClientLoginModule works incorrectly

    phantom

      Scott,

      Due to this code in ClientLoginModule:

      public boolean login() throws LoginException
      {
         .....................
         if (useFirstPass == true)
         {
            try
            {
               Object name = sharedState.get("javax.security.auth.login.name");
               if ((name instanceof Principal) == false)
               {
                  String username = name != null ? name.toString() : "";
                  loginPrincipal = new SimplePrincipal(username); // >>>> HERE!!!!
               } else


      public boolean commit() throws LoginException
      {
         // Set the login principal and credential and subject
         SecurityAssociationActions.setPrincipalInfo(loginPrincipal, loginCredential, subject); // >> AND HERE!!!!

         // Add the login principal to the subject if is not there
         Set principals = subject.getPrincipals();
         if (principals.contains(loginPrincipal) == false)
            principals.add(loginPrincipal);
         return true;
      }
      


      it is impossible to use a custom Principal class.

      Please, fix it or explain how we can use our own custom principal class with "ClientLoginModule logic"?

      Thank you!!!

        • 1. Re: ClientLoginModule works incorrectly
          • 2. Re: ClientLoginModule works incorrectly
            phantom

            But we use 3.2.5:(

            • 3. Re: ClientLoginModule works incorrectly

              I do not think it changed between the two versions ..

              • 4. Re: ClientLoginModule works incorrectly
                ceasaros

                It is built into JBoss 3.2.4 and thus also 3.2.5. I have an application working with my own Principal on both 3.2.4 and 3.2.5.
                I added a

                <module-option name="principalClass">xxx.MyPrincipal</module-option>


                If you also want to access your xxx.MyPrincipal in the web server environment, you need to write your own LoginModule and add an extra Group to the getUserRoles() method like:
                ...
                SimpleGroup callerPrincipal = new SimpleGroup("CallerPrincipal");
                callerPrincipal.addMember(getIdentity());
                ...
                


                I'm not sure if I wrote the configuration and Java code 100% correctly, because I typed what I remember; I don't have an example available right here.

                If you still have a problem with the new SimplePrincipal which is created in the login method, why don't you override this login method in your own LoginModule and fix it yourself?

                Even with all this, there is still one moment where a SimplePrincipal is instantiated and where I also don't have a solution, and that is the moment a user logs in on the web server (Tomcat). Inside Tomcat a new SimplePrincipal is created and passed to JBoss; after authentication in your LoginModule this SimplePrincipal is changed into your xxx.MyPrincipal. I think the only solution here is to write your own Realm for Tomcat/JBoss or implement your own JAAS security.
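
The kind of custom principal class the last reply plugs in, as an added example (not code from the thread or from JBoss). `MyPrincipal` and the `create` helper are hypothetical, and the example assumes the container builds the principal reflectively from a class name with a single-String constructor; it shows why `equals`/`hashCode` matter for the `principals.contains(loginPrincipal)` guard quoted from `commit()`.

```java
import java.io.Serializable;
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

// Hypothetical custom principal; stands in for the thread's xxx.MyPrincipal.
public final class MyPrincipal implements Principal, Serializable {
    private static final long serialVersionUID = 1L;
    private final String name;

    // Public one-String constructor so the class can be built from a user name by reflection.
    public MyPrincipal(String name) {
        if (name == null) throw new IllegalArgumentException("name is required");
        this.name = name;
    }

    @Override public String getName() { return name; }

    // Compare by exact class and name, so another Principal type that happens
    // to carry the same name is never treated as this identity.
    @Override public boolean equals(Object o) {
        return o != null && o.getClass() == MyPrincipal.class
                && name.equals(((MyPrincipal) o).name);
    }
    @Override public int hashCode() { return name.hashCode(); }
    @Override public String toString() { return name; }

    // Assumed mechanism: create the principal from a configured class name.
    static Principal create(String className, String user) throws ReflectiveOperationException {
        Class<?> c = Class.forName(className);
        if (!Principal.class.isAssignableFrom(c))
            throw new IllegalArgumentException(className + " is not a Principal");
        return (Principal) c.getConstructor(String.class).newInstance(user);
    }

    public static void main(String[] args) throws Exception {
        Subject subject = new Subject();
        Set<Principal> principals = subject.getPrincipals();
        // Constructed sample input: the same user name committed twice.
        for (int i = 0; i < 2; i++) {
            Principal login = create(MyPrincipal.class.getName(), "phantom");
            // Same guard as the commit() excerpt: add only if not already present.
            if (!principals.contains(login)) principals.add(login);
        }
        System.out.println(principals.size() + " principal(s): " + principals);
        System.out.println("typed lookup: " + subject.getPrincipals(MyPrincipal.class));
    }
}
```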