Principal from Servlet to EJB not propagating?
forumer Oct 25, 2006 7:01 PM
I need to get a user from a Servlet request parameter and propagate it to the EJB layer. But it is not happening!
Thanks in advance for your help.
This is the excerpt from login-config.xml. Note that I am using ClientLoginModule:
    <application-policy name="myPolicy">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required" />
            <login-module code="org.jboss.security.ClientLoginModule" flag="required">
                <module-option name="password-stacking">useFirstPass</module-option>
            </login-module>
        </authentication>
    </application-policy>
This is how I use a LoginContext. The users.properties and roles.properties files in the application archive are being read correctly.
    CallbackHandler handler = new MyHandler("paramFromRequest");
    LoginContext lc = null;
    try {
        lc = new LoginContext("myPolicy", handler);
        lc.login();
        Subject subject = lc.getSubject();
        Set<Principal> principals = subject.getPrincipals();
        for (Principal p : principals) {
            log.info("name=" + p.getName());
            log.debug("name=" + p.getName());
            // JBoss specific: the "Roles" group carries the role names
            if (p instanceof SimpleGroup) {
                SimpleGroup sg = (SimpleGroup) p;
                if ("Roles".equals(sg.getName())) {
                    log.debug("role-name=" + sg.toString());
                }
            }
        }
    } catch (LoginException e) {
        log.info("authentication failed... But this is just a test; Ignore it");
        e.printStackTrace();
    }
Here is the handler:
    import java.io.IOException;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.NameCallback;
    import javax.security.auth.callback.PasswordCallback;
    import javax.security.auth.callback.UnsupportedCallbackException;

    class MyHandler implements CallbackHandler {
        String name = null;

        public MyHandler(String name) {
            this.name = name;
        }

        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            // Each callback must be inspected individually (callbacks[i], not the array itself)
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof NameCallback) {
                    NameCallback nc = (NameCallback) callbacks[i];
                    nc.setName(name);
                } else if (callbacks[i] instanceof PasswordCallback) {
                    PasswordCallback pc = (PasswordCallback) callbacks[i];
                    pc.setPassword(new char[0]);
                } else {
                    throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
                }
            }
        }
    }
Here is the EJB method call that I am expecting to fail, but it succeeds! The calls on "ctx" are commented out because I get "No valid security context for the caller identity" otherwise.
    @RolesAllowed("xxx")
    public List<String> getAllUserGroups() {
        // Principal callerPrincipal = ctx.getCallerPrincipal();
        // if (null == callerPrincipal) log.debug("callerPrincipal is null!");
        // else log.debug(callerPrincipal.getName());
        return getAllGroupsAsStrings();
    }
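The following is an added example, not the poster's code, showing the two checks a practitioner would want around this setup: on the servlet side, confirming after lc.login() that ClientLoginModule actually bound a caller principal, and on the EJB side, binding the bean to the same security domain and verifying the propagated caller and role explicitly rather than trusting that @RolesAllowed is enforced. The @SecurityDomain annotation (org.jboss.annotation.security in JBoss 4.x; the package differs in later releases), the SecurityAssociation check, the class names RequestCallbackHandler, PrincipalPropagation and GroupBean, and the password passed from the request are all assumptions; the post itself shows none of them.

```java
// Added example (not from the original post). Assumes JBoss 4.x EJB3 packages.
import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.List;

import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/** Supplies the user name and password taken from the servlet request. */
class RequestCallbackHandler implements CallbackHandler {
    private final String name;
    private final char[] password;

    RequestCallbackHandler(String name, char[] password) {
        this.name = name;
        this.password = password;
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {            // inspect each callback, not the array
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(name);
            } else if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword(password);
            } else {
                throw new UnsupportedCallbackException(cb, "Unrecognized Callback");
            }
        }
    }
}

/** Servlet side: log in through "myPolicy" and confirm the identity was bound. */
class PrincipalPropagation {
    static LoginContext loginAs(String user, char[] password) throws LoginException {
        LoginContext lc = new LoginContext("myPolicy", new RequestCallbackHandler(user, password));
        lc.login();
        // ClientLoginModule only records the identity in the JBoss security association;
        // if nothing was bound here, the EJB invocation carries no caller identity at all.
        Principal bound = org.jboss.security.SecurityAssociation.getPrincipal(); // JBoss 4.x API (assumption)
        if (bound == null) {
            lc.logout();
            throw new LoginException("ClientLoginModule did not bind a caller principal");
        }
        return lc;
    }
}

/** EJB side: bound to the same security domain so the role check is actually enforced. */
@Stateless
@org.jboss.annotation.security.SecurityDomain("myPolicy") // JBoss 4.x package (assumption)
public class GroupBean {
    @Resource
    private SessionContext ctx;

    @RolesAllowed("xxx")
    public List<String> getAllUserGroups() {
        Principal caller = ctx.getCallerPrincipal();
        // Fail closed: with the security interceptor in place this branch is unreachable,
        // so hitting it means the bean is not bound to a security domain.
        if (caller == null || !ctx.isCallerInRole("xxx")) {
            throw new EJBAccessException("no propagated caller identity or missing role xxx");
        }
        return Collections.emptyList(); // placeholder for the real group lookup
    }
}
```

In the servlet, call PrincipalPropagation.loginAs(...) immediately before the EJB invocation and lc.logout() in a finally block afterwards, so the identity bound by ClientLoginModule is scoped to that request rather than lingering on the thread. If getAllUserGroups() still succeeds for a user without role "xxx", the explicit isCallerInRole check turns the silent pass into a visible EJBAccessException, which is the symptom worth chasing in the deployment descriptor.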