-
1. Re: HTTP Auth & callerPrincipal
ragavgomatam Mar 6, 2008 1:24 PM (in response to joshd)
Do this...
    sessionContext.getCallerPrincipal().getClass().getName()
It will always be an instance of java.security.Principal. If you want your userObj to be returned, then make your userObj implement the java.security.Principal interface and instantiate it in your LoginModule. So now your UserObj becomes the type Principal & you are set.
I picked this from the javadocs for javax.ejb.EJBContext. SessionContext extends this.
    public java.security.Principal getCallerPrincipal()
    Obtain the java.security.Principal that identifies the caller.
    Returns: The Principal object that identifies the caller. This method never returns null.
-
2. Re: HTTP Auth & callerPrincipal
joshd Mar 7, 2008 9:31 AM (in response to joshd)
Ok, my User class implements Principal already. But this part I don't get:
[..] Principal interface and instantiate it in your LoginModule. So now your UserObj becomes the type Principal & you are set.
My LoginModule extends UsernamePasswordLoginModule, and I just override initialize (just saying super.initialize and injecting my SecurityManagerBean) and getUsersPassword and getRoleSets (both using the manager for retrieving the needed info). So where do I explicitly set the User, i.e. the Principal?!
Do I have to implement my own LoginModule completely (initialize, login, commit etc)?
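regards, josh

    import java.security.acl.Group;
    import java.util.Map;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.login.LoginException;
    import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

    public class LoomLoginModule extends UsernamePasswordLoginModule {
        private mySecurityManager securityManager;
        private User user;

        /**
         * initializes superclass context
         */
        public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
            this.user = new User();
            super.initialize(subject, callbackHandler, sharedState, options);
            try {
                //..inject my securityManager
            } catch (Exception e) {
                // injection failed; securityManager stays null
            }
        }

        /**
         * Returns the role groups of the user loaded by getUsersPassword().
         */
        protected Group[] getRoleSets() throws LoginException {
            if (user == null)
                throw new LoginException("user " + super.getUsername() + " does not exist");
            return this.securityManager.getRoleSets(user.getId());
        }

        /**
         * Authenticates the entered credentials through the security manager
         * and returns the entered password as the expected one.
         */
        protected String getUsersPassword() throws LoginException {
            String[] userInput = {"", ""};
            userInput = super.getUsernameAndPassword();
            this.user = this.securityManager.login(userInput[0], userInput[1]);
            if (user == null)
                throw new LoginException("user " + super.getUsername() + " does not exist");
            return userInput[1];
        }
    }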
-
3. Re: HTTP Auth & callerPrincipal
ragavgomatam Mar 7, 2008 11:07 AM (in response to joshd)
Check the forum... I have posted the working code of a CustomLogin Module that uses a Custom Principal. You could populate whatever you want in your CustomPrincipal... Here is the URL
http://www.jboss.com/index.html?module=bb&op=viewtopic&t=125169