1. Re: Custom LoginModule is rejected by jboss
zsoltvincze Nov 3, 2004 1:46 PM (in response to zsoltvincze)
Problem solved. I had to modify the Commit method of my login module as follows:
************
TestGroup roles = new TestGroup("Roles");
TestPrincipal user = new TestPrincipal(username);
roles.addMember(new TestPrincipal("JBossAdmin"));
subject.getPrincipals().add(user);
subject.getPrincipals().add(roles);
************
Was I blind that I've never seen the need for the first line? It seemed to me that all materials only stated to have the role added as a principal to the subject's principals.
Is the above based on standard j2ee or is this jboss specific?
2. Re: Custom LoginModule is rejected by jboss
formenti Nov 4, 2004 3:41 AM (in response to zsoltvincze)
I'm trying to create a custom Principal too.
I must simply:
1) write my new principal that implements Principal and java.io.Serializable
2) override the AbstractServerLoginModule's commit() method in my new LoginModule with the lines specified in your post
Right? Other steps needed? I must create a Group class too?
Thanks for any help!
Gio
3. Re: Custom LoginModule is rejected by jboss
zsoltvincze Nov 4, 2004 11:01 AM (in response to zsoltvincze)
Yes, in order to make jboss aware of the role, that was the only solution I could use. The TestGroup class used in the example is a user class, so yes, you will have to code one too.
However, now I'm going further and I'd like to use the roles in struts but it does not recognize them.
I've checked the request.isUserInRole method and it returns false.
Could someone from jboss comment on this? I mean, is it how it should be? Jboss is able to verify my credentials but the request does not know about it?
4. Re: Custom LoginModule is rejected by jboss
formenti Nov 4, 2004 11:04 AM (in response to zsoltvincze)
I'd like to write (maybe with someone with more knowledge) a "Custom Principal HOWTO"...
5. Re: Custom LoginModule is rejected by jboss
starksm64 Nov 4, 2004 12:08 PM (in response to zsoltvincze)
There are no requirements for the Subject defined in the J2EE specs. We have defined our Subject usage pattern in the online devel guide. The custom principal usage is illustrated in the JBossSX wiki section:
http://www.jboss.org/wiki/Wiki.jsp?page=UsingCustomPrincpalsWith
6. Re: Custom LoginModule is rejected by jboss
zsoltvincze Nov 4, 2004 12:10 PM (in response to zsoltvincze)
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=54470
answers the question about struts and about request.isUserInRole
I'm still hesitant to believe that the roles have to be attached to a group that is specifically called "Roles".
If anybody could point to any JAAS/J2EE standards on this, I would very much appreciate it.
7. Re: Custom LoginModule is rejected by jboss
zsoltvincze Nov 4, 2004 12:14 PM (in response to zsoltvincze)
Thanks Scott, I only saw your reply after posting mine.
Based on the reference, the way I read it, the requirement to specify roles
"Group roles = new SimpleGroup("Roles");"
is jboss specific.
8. Re: Custom LoginModule is rejected by jboss
starksm64 Nov 4, 2004 9:14 PM (in response to zsoltvincze)
There is no standard that defines how to use a JAAS Subject for authorization prior to J2EE 1.4 so jboss defined a mechanism that uses a java.security.acl.Group named 'Roles' as the location for the declarative roles. J2EE 1.4 defines a new JACC permission based contract for specifying how to delegate the authorization checks. Support for this exists in jboss-4.0.x.
9. 3811897
drpizza Nov 26, 2004 12:13 PM (in response to zsoltvincze)
J2EE 1.4 defines a new JACC permission based contract for specifying how to delegate the authorization checks. Support for this exists in jboss-4.0.x.
How does one use this? I've read all I can find about JACC (the spec, the JBoss wiki, etc.), but I'm still frankly nonplussed.