2 Replies Latest reply on Dec 5, 2005 10:47 AM by cassio

Creating principal from custom headers

cassio Dec 2, 2005 11:11 AM

Hi,
I'm trying to create a Principal based on information retrieved from custom headers that are fed into JBoss by an Apache and mod_jk connector instance. This principal has to be available for the application via the normal calls, as if the user had been authenticated by the usual FORM authentication.
I wrote a valve that creates a GenericPrincipal and puts it in the request with request.setUserPrincipal(). However, that causes a NPE when Jboss tries to look up the user's roles:
ERROR [org.apache.catalina.connector.CoyoteAdapter] An exception or error occurred in the container during the request processing
java.lang.NullPointerException
at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.hasRole(JBossSecurityMgrRealm.java:286)
at org.apache.catalina.realm.RealmBase.hasResourcePermission(RealmBase.java:763)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:464)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.jboss.web.tomcat.security.HttpServletRequestValve.invoke(HttpServletRequestValve.java:51)
at com.ninestarresearch.shibboleth.ShibValve.invoke(ShibValve.java:69)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:392)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:307)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:385)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:748)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:678)
at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:871)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)

How can I fix this, or is there a better way to accomplish what I'm trying to do?

1. Re: Creating principal from custom headers

starksm64 Dec 3, 2005 3:52 PM (in response to cassio)

Custom principals need to be introduced via the login module. This is not supported via Valves as jboss itself uses a valve that makes custom principals created by the login/authentication process available as the getUserPrincipal value.

http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingCustomPrincpalsWith
http://wiki.jboss.org/wiki/Wiki.jsp?page=AccessingServletRequestForAuthentication
Actions
2. Re: Creating principal from custom headers

cassio Dec 5, 2005 10:47 AM (in response to cassio)

Thanks for the reply, Scott.
I have actually gone ahead and implemented this route as a temporary solution, but my problem is that I don't want to have the user go through the JBoss authentication. My authentication is done elsewhere and the username and roles are put in custom request headers and passed on to JBoss via mod_jk. I want to create a principal based on those headers and feed it into JBoss. If I use a LoginModule, I have to have the user submit the j_security_check form, right?
Is there any way to introduce a Principal into JBoss without going through the whole JAAS sequence? I made a lame attempt at combining the Valve with a custom Realm, but couldn't make it work either. Would that be the way to go?
Actions

Go to original post