4 Replies Latest reply on May 31, 2005 8:34 AM by tcherel

    How to propagate user name

    pawel.bodnar
    pawel.bodnar May 25, 2005 5:05 PM

      Hi
      I've created my own LoginModule that extends UsernamePasswordLoginModule
      I authenticate my user in JSP page - using LoginContext and it works fine,

      But later inside any method of any SessionBean:

      .getSessionContext().getCallerPrincipal().getName()
      retruns "nobody" string apart from valid Principal
      input arguments:
      login - provided in form user login
      password - password provided by user

      SecurityAssociationHandler handler = new SecurityAssociationHandler();
Principal principal = new SimplePrincipal(login);
handler.setSecurityInfo(principal, password.toCharArray());

//get login password handler
LoginContext lc = new LoginContext("mydomian", handler);

try {
 lc.login();
 Subject subject = lc.getSubject();
 Set principals = subject.getPrincipals();
 principals.add(principal);
 SecurityAssociation.setPrincipal(principal);
 SecurityAssociation.setCredential(password.toCharArray());
 SecurityAssociation.setSubject(subject);
 System.out.println("Subject " + subject.toString());
 return subject;
} catch(LoginException e) {

 System.out.println("authentication failed");
 e.printStackTrace();
 throw e;
}

      Any ideas ?



      • 3721 Views
      • Tags:
        • 1. Re: How to propagate user name
          tcherel
          tcherel May 29, 2005 3:25 PM (in response to pawel.bodnar)


          Which JBoss version are you using?

          Any particular reason why you are not just using BASIC or FORM based authentication in your web application?

          With JBoss 4.0.2, with both BASIC and FORM based authentication, you do not have to write your own login logic and user identity is automatically propagated to the EJB layer.

          Thomas

            • Actions
          • 2. Re: How to propagate user name
            pawel.bodnar
            pawel.bodnar May 30, 2005 3:12 AM (in response to pawel.bodnar)

            I am using JBOSS 3.2.6, I have very complex model of roles - that is why I have to use my own login module.
            Is there any configuration that I need to do with EJB components (in file ejb-xml)

            Best regards
            Paul

              • Actions
            • 3. Re: How to propagate user name
              pawel.bodnar
              pawel.bodnar May 30, 2005 3:16 AM (in response to pawel.bodnar)

              And another thing yet,
              I login my user in filter servlet - maybe it cause some troubles ?

              Best regards
              Pawel

                • Actions
              • 4. Re: How to propagate user name
                tcherel
                tcherel May 31, 2005 8:34 AM (in response to pawel.bodnar)


                The fact that you have a complex role model and that you need your own JAAS login module does not mean that you need to do your own programmatic login.
                You can define your own JBoss security domain (conf/login-config.xml) that will use your JAAS login module. You can then associate your war file with this security domain (in the jboss-wev.xml) and JBoss/Tomcat will take care of calling your login module when needed.
                I also think that with JBoss 3.2.6, identity propagation with backend EJB will work as well.

                If you still think that you need to call LoginContext.login by yourslef, I think you will have to dig into the JBoss code to understand how to propagate the security identity properly. You can find a few posts in this forum explianing you that by using the JBoss ClientLoginModule in your JAAS configuration, this will work, but this is valid on a per-request only (I think), which is making it not very usable, I think.

                Thomas


                  • Actions