Principal = null
milkygto Mar 11, 2005 2:22 PM
Can anyone point out what the problem is here? I followed the jaashowto, but I still can't get the principal to work.
After I call loginContext.login(), my user and role are set. If I do a forward(), I can get to the restricted resources.
But if I do a response.sendRedirect(), I lose the principal. So I tested it by reading request.getUserPrincipal(),
and it didn't surprise me that it returned null. I tested this on JBoss 4.0.1 RC1 and RC2, and it doesn't work on either of them.
Thanks,
-------------------------------------------------------------------------------
LoginServlet
-------------------------------------------------------------------------------
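// Login handling fragment from LoginServlet: reads the submitted credentials,
// runs a programmatic JAAS login against the "equilar-login" configuration and
// redirects to /index.jsp on success or back to /login.jsp otherwise.
String username = request.getParameter("username");
String password = request.getParameter("password");
try {
    if (username != null && password != null) {
        // Hand the submitted name and password to the JAAS login modules.
        SecurityAssociationHandler handler = new SecurityAssociationHandler();
        SimplePrincipal user = new SimplePrincipal(username);
        handler.setSecurityInfo(user, password.toCharArray());
        LoginContext loginContext = new LoginContext("equilar-login",
                (CallbackHandler) handler);
        // Throws LoginException when a required module rejects the credentials.
        loginContext.login();
        Subject subject = loginContext.getSubject();
        Set principals = subject.getPrincipals();
        principals.add(user);
        // NOTE(review): getUserPrincipal() reports the identity the servlet
        // container authenticated for this request (the auth-method declared in
        // web.xml). The LoginContext above is driven by application code, so the
        // container is never told about it and null is the expected result here.
        // The Subject is also not stored anywhere that outlives this request, so
        // the new request triggered by the redirect below starts unauthenticated;
        // a forward() stays inside the current request, which presumably is why
        // it still reaches restricted resources. To protect /index.jsp, use
        // container-managed authentication against this security domain, or keep
        // the authenticated state in the HTTP session and enforce it on every
        // request - confirm against the JBoss web security documentation.
        Principal p = request.getUserPrincipal();
        if (p != null) {
            log.info("Principal = " + p.getName());
        } else {
            log.info("Principal is null");
        }
        try {
            response.sendRedirect("/index.jsp");
            return;
        } catch (IOException e) {
            log.error("sendRedirect failed", e);
        }
    } else {
        // Missing username or password: send the user back to the login form.
        try {
            response.sendRedirect("/login.jsp");
            return;
        } catch (IOException e) {
            log.error("Failed redirecting", e);
        }
    }
} catch (LoginException e) {
    // username comes straight from the request; replace CR/LF before logging so
    // a crafted value cannot forge additional log entries.
    String safeName = (username == null) ? "null" : username.replaceAll("[\\r\\n]", "_");
    log.info("Login failed for " + safeName + ". Reason: " + e.getMessage());
    try {
        response.sendRedirect("/login.jsp?login=failed");
        return;
    } catch (IOException ee) {
        log.error("Failed redirecting", ee);
    }
}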
-------------------------------------------------------------------------------
Auth.conf in jboss/server/default/conf
-------------------------------------------------------------------------------
// Server-side JAAS login configuration in the auth.conf format.
// NOTE(review): JBoss 4 normally takes its server security domains from
// conf/login-config.xml; confirm this file is actually loaded before relying on it.
//
// client-login: ClientLoginModule performs no authentication; per the JBoss
// documentation it only records the caller's principal and credential so that
// later invocations carry them.
client-login
{
org.jboss.security.ClientLoginModule required;
};
// equilar-login: ClientLoginModule is listed first and marked "required", but it
// does not check the password. The credential check for this entry is done only
// by UsersRolesLoginModule, which validates against users.properties and reads
// roles from roles.properties.
// unauthenticatedIdentity=nobody assigns the identity "nobody" to callers that
// present no authentication information instead of failing the login. Make sure
// "nobody" is granted no role that opens a restricted resource, or drop the
// option if anonymous access is not intended.
equilar-login
{
org.jboss.security.ClientLoginModule required
;
org.jboss.security.auth.spi.UsersRolesLoginModule required
usersProperties="users.properties"
rolesProperties="roles.properties"
unauthenticatedIdentity=nobody
;
};
-------------------------------------------------------------------------------
Auth.conf in jboss/client
-------------------------------------------------------------------------------
// Client-side JAAS login configuration (jboss/client).
//
// client-login: ClientLoginModule performs no authentication; per the JBoss
// documentation it only records the caller's principal and credential so that
// later invocations carry them.
client-login
{
org.jboss.security.ClientLoginModule required;
};
// equilar-login: unlike the server-side entry of the same name, no
// usersProperties/rolesProperties options are given here, so the module's
// default file names presumably apply - TODO confirm which files the client
// classpath provides.
// NOTE(review): running UsersRolesLoginModule on the client requires the user
// and role files to be readable there, which would expose stored credentials to
// every client installation; verify that this module is really needed on this side.
// unauthenticatedIdentity=nobody assigns the identity "nobody" to callers that
// present no authentication information instead of failing the login.
equilar-login
{
org.jboss.security.ClientLoginModule required
;
org.jboss.security.auth.spi.UsersRolesLoginModule required
unauthenticatedIdentity=nobody
;
};
-------------------------------------------------------------------------------
login-config.xml
-------------------------------------------------------------------------------
<!-- Security domain "equilar-login" as declared in login-config.xml.
     ClientLoginModule performs no authentication (per the JBoss documentation it
     only records the caller's principal and credential); the password check is
     done by UsersRolesLoginModule against users.properties, with roles read from
     roles.properties.
     NOTE(review): unauthenticatedIdentity assigns the identity "nobody" to callers
     that present no authentication information instead of failing the login.
     Make sure "nobody" is granted no role that opens a restricted resource, or
     remove the option if anonymous access is not intended. -->
<application-policy name="equilar-login">
<login-module code = "org.jboss.security.ClientLoginModule"
flag = "required">
</login-module>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required">
<module-option name="usersProperties">users.properties</module-option>
<module-option name="rolesProperties">roles.properties</module-option>
<module-option name="unauthenticatedIdentity">nobody</module-option>
</login-module>
</application-policy>