form based auth & DatabaseServerLoginModule
javaprogrammer Oct 13, 2004 6:37 AM
Hello to everyone. First of all, sorry for my English :)
I have a problem. I'm using DatabaseServerLoginModule and form-based authentication in my development. The first servlet executes the login and, if everything is OK, it redirects to another servlet. In this servlet I'm trying to call request.getUserPrincipal(). It's null. Why?
Here are my sources:
********login-config.xml*****
<application-policy name = "UserPolicy">
  <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
    <module-option name = "dsJndiName">java:/FirebirdDS</module-option>
    <module-option name = "principalsQuery">SELECT PASS FROM users WHERE LOGIN=?</module-option>
    <module-option name = "rolesQuery">SELECT ROLE, 'Roles' FROM users WHERE LOGIN=?</module-option>
    <module-option name = "unauthenticatedIdentity">anonymouse</module-option>
  </login-module>
</application-policy>
*****************************
**************web.xml********
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secured Web Resource</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>UserPolicy</realm-name>
  <form-login-config>
    <form-login-page>/login</form-login-page>
    <form-error-page>/login</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>user</role-name>
</security-role>
****************************
******jboss-web.xml*********
<security-domain>java:/jaas/UserPolicy</security-domain>
***************************
*****jboss.xml**********
<security-domain>java:/jaas/UserPolicy</security-domain>
***********************
*****my login servlet, which starts like a first page (URL pattern = login)******
...
String login = request.getParameter("j_username");
String password = request.getParameter("j_password");
...
System.setProperty("java.security.auth.login.config", "D:/jboss-3.2.5/client/auth.conf");
System.out.println("Creating CallBackHandler");
CallbackHandler handler = new MyHandler(login, password);
System.out.println("Creating LoginContext");
LoginContext logcont = new LoginContext("UserPolicy", handler);
System.out.println("Created LoginContext");
try {
    logcont.login();
    System.out.println("Logon!!! Getting username/password");
    Subject sub = logcont.getSubject();
    System.out.println("Principals "+ sub.getPrincipals().toString());
    System.out.println("Credentials "+ sub.getPublicCredentials().toString());
}
catch (Exception e) {
    System.out.println("Authentication failed: " + e.getMessage());
}
System.out.println("loginservletuser: " + user);
...
**********************************************
If everything is OK, it redirects to another servlet, in which I have
...
Principal user1 = request.getUserPrincipal();
...
and it's null. Because of this I don't have any roles and I can't get access to my beans.
Please give some ideas about it!
P.S. With best regards :)
And who can tell me how to create a Principal object from a Subject object?
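
A check over the web.xml shown in the post, as an added example that is not part of the original post: under the Servlet specification a security-constraint that lists `<http-method>` elements applies only to those methods, and `transport-guarantee` NONE means the container does not require TLS for the FORM login. The `<web-app>` wrapper, the function names and the finding codes are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the web.xml fragment from the post, wrapped in a <web-app> root.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secured Web Resource</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""


def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def findings(web_xml):
    """Return (code, detail) tuples for weak spots in a web.xml string."""
    root = ET.fromstring(web_xml)
    out = []
    auth = [e.text.strip() for e in root.iter()
            if local(e.tag) == "auth-method" and e.text]
    for sc in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        kids = {}
        for e in sc.iter():
            kids.setdefault(local(e.tag), []).append((e.text or "").strip())
        patterns = ",".join(kids.get("url-pattern", []))
        methods = kids.get("http-method", [])
        if methods:
            # Listed methods are the only ones constrained; all others pass unchecked.
            out.append(("METHODS_LISTED",
                        f"{patterns}: only {','.join(methods)} constrained"))
        guarantee = kids.get("transport-guarantee", ["NONE"])
        if "FORM" in auth and "CONFIDENTIAL" not in guarantee:
            # j_username/j_password may travel over plain HTTP.
            out.append(("NO_TLS_REQUIRED",
                        f"{patterns}: FORM login without CONFIDENTIAL transport"))
    return out


if __name__ == "__main__":
    for code, detail in findings(WEB_XML):
        print(code, detail)
```
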