1. Re: principal=null for JMS invoked call, have a valid princi
shel Feb 7, 2005 6:59 AM (in response to johnv)
I got the same thing when trying to init my TimedObjects:
    CallbackHandler handler = new UsernamePasswordHandler( "admin", "password".toCharArray() );
    LoginContext lc = new LoginContext( "my_domain", handler );
    lc.login();
    Subject subject = lc.getSubject();
    String result = (String) Subject.doAs( subject, new PrivilegedAction()
    {
        public Object run()
        {
            String result = "done";
            try
            {
                Context jndiContext = new InitialContext();
                Object ref = jndiContext.lookup( "TestJobRemoteHome" );
                TestJobRemoteHome home = (TestJobRemoteHome) PortableRemoteObject.narrow( ref, TestJobRemoteHome.class );
                TestJobRemote remote = home.create();
                remote.scheduleJob();
            }
            catch( Exception e )
            {
                e.printStackTrace();
                result = "bust";
            }
            return result;
        }
    } );
I'm using my own login module and it's being called 2 times here:
1st on lc.login();
At this moment it works fine and gets password and roles set
(in fact the module works fine all the way when I'm using it for submits authenticated by "j_security_check",
but I need some kind of authentication on behalf of "System", not a logged-in user).
2nd on home.create();
At this moment I took a look at
    public void initialize( Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options )
which is being called again and saw that:
    org.jboss.security.auth.callback.SecurityAssociationHandler
with principal=null, so it failed.
My thought is there shouldn't be a 2nd check as far as we perform doAs with an already authenticated subject.
I have no idea what the problem is, I have just met it, I'll be investigating this tomorrow,
please let me know if you already figured it out.
2. Re: principal=null for JMS invoked call, have a valid princi
starksm64 Feb 7, 2005 11:27 AM (in response to johnv)
Read the JAAS Howto posting in this forum as it describes how the security context is propagated. A Subject.doAs does not affect the propagated security context. The preceding JAAS login needs to include the org.jboss.security.ClientLoginModule.
3. Re: principal=null for JMS invoked call, have a valid princi
shel Feb 8, 2005 3:52 AM (in response to johnv)
Yeah, I got the idea, it's like a 2-phase authentication where ClientLoginModule "does not perform client-side authentication, but simply binds the username and password to the JBoss EJB invocation layer for later authentication on the server".
2 johnv: skipping the details, the only thing I did to make it work: I changed 1 code line as follows:
    LoginContext lc = new LoginContext( "client-login", handler );
I also removed the "doAs" call, which I added just for testing; it works both ways.
Good luck.
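The pattern from posts 2 and 3 as an added example, not code from the thread or from JBoss: a hypothetical helper `SystemCaller.callAs` that logs in through the `client-login` policy, runs the EJB calls, and always logs out so the bound identity does not stay on a pooled thread. It assumes Java 5 or later and the JBoss client classes on the classpath.

```java
import java.util.concurrent.Callable;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.jboss.security.auth.callback.UsernamePasswordHandler;

/**
 * Added example (hypothetical helper, not from the thread or from JBoss).
 * Runs one block of EJB calls under a fixed "system" identity.
 */
public final class SystemCaller {

    // "client-login" is the policy name used in post 3; it must resolve to
    // org.jboss.security.ClientLoginModule in the active JAAS configuration.
    private static final String POLICY = "client-login";

    private SystemCaller() {}

    public static <T> T callAs(String user, char[] password, Callable<T> work)
            throws Exception {
        LoginContext lc = new LoginContext(
                POLICY, new UsernamePasswordHandler(user, password));
        // No credential check happens here: ClientLoginModule only binds
        // user/password to the invocation layer. A wrong password surfaces
        // later, when the server-side domain rejects the first EJB call.
        lc.login();
        try {
            return work.call();   // e.g. home.create(); remote.scheduleJob();
        } finally {
            // Unbind the identity so a pooled thread (timer, MDB, servlet)
            // does not carry "system" credentials into unrelated work.
            try {
                lc.logout();
            } catch (LoginException e) {
                // Assumption: logging is enough here; adapt to local policy.
                System.err.println("client-login logout failed: " + e);
            }
        }
    }
}
```

The password is a parameter so that it can be read from protected configuration instead of appearing as a literal in source.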
4. Re: principal=null for JMS invoked call, have a valid princi
pytaghoras Feb 8, 2005 10:49 AM (in response to johnv)
I have the same problem. The IsUserInRole always returns false.
        try {
            SecurityAssociationHandler handler = new SecurityAssociationHandler();
            Principal user = new SimplePrincipal(userName);
            handler.setSecurityInfo(user, password.toCharArray());
            LoginContext loginContext = new LoginContext("MyRealm",
                    (CallbackHandler) handler);
            loginContext.login();
            subject = loginContext.getSubject();
            Set principals = subject.getPrincipals();
            principals.add(user);
        } catch (LoginException e) {
            System.out.println("Error LoginException: " + e);
        }
        if (request.isUserInRole("Admin")) {
            System.out.println("User with role admin is forwarded to admin page");
            return mapping.findForward("Admin");
        } else if (request.isUserInRole("ViewBills")) {
            System.out.println("User with role ViewBills is forwarded to ViewBills page");
            return mapping.findForward("ViewBills");
        } else {
            System.out.println("User has no role. He needs to be forwarded to login page");
            return mapping.findForward("failure");
        }
    }