3 Replies Latest reply on Mar 7, 2008 11:07 AM by ragavgomatam

    HTTP Auth & callerPrincipal

    joshd

      I am quite new to JBoss in general, and am facing a problem with the login part of an app (using EJB3 with SOA and a JS/Ajax web client).

      I have to use HTTP authentication, and my LoginModule (extends UsernamePasswordLoginModule) is working pretty fine so far. My LoginModule uses a session bean, my SecurityManager, to retrieve a User object for the name/password provided by the user through the HTTP auth dialog. The name provided looks like "client/username". In my SecurityManager I split and process this information and do my DB authentication (for this user and this client). And it works fine, for both LDAP and DB.

      The problem for me now is that sessionContext.callerPrincipal gives me the user-provided string ("client/username"), whereas I would need the name of the user (UserObject.getName).

      So how can I achieve that? Do I have to set the caller somehow, since I change the name after the user has entered it?

      thanks a lot,
      regards,
      josh

        • 1. Re: HTTP Auth & callerPrincipal
          ragavgomatam

          Do this...

          sessionContext.getCallerPrincipal ().getClass().getName()

          It will always be an instance of java.security.Principal. If you want your userObj to be returned, then make your userObj implement the java.security.Principal interface and instantiate it in your LoginModule. So now your UserObj becomes the type Principal & you are set.

          I picked this from javadocs for javax.ejb.EJBContext. SessionContext extends this.

          public java.security.Principal getCallerPrincipal()
          Obtain the java.security.Principal that identifies the caller.
          Returns:
          The Principal object that identifies the caller. This method never returns null.


          • 2. Re: HTTP Auth & callerPrincipal
            joshd

            Ok, my User class implements Principal already. But this part I don't get:

            [..] Principal interface and instantiate it in your LoginModule. So now your UserObj becomes the type Principal & you are set.


            My LoginModule extends UsernamePasswordLoginModule, and I just override initialize (just calling super.initialize and injecting my SecurityManagerBean), getUsersPassword and getRoleSets (both using the manager for retrieving the needed information). So where do I set the User, i.e. the Principal, explicitly?!

            Do I have to implement my own LoginModule completely (initialize, login, commit etc)?

            regards, josh



            import java.security.acl.Group;
            import java.util.Map;
            import javax.security.auth.Subject;
            import javax.security.auth.callback.CallbackHandler;
            import javax.security.auth.login.LoginException;
            import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

            public class LoomLoginModule extends UsernamePasswordLoginModule
            {
                private mySecurityManager securityManager;
                private User user;

                /**
                 * Initializes the superclass context and injects the security manager bean.
                 */
                public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
                {
                    this.user = new User();
                    super.initialize(subject, callbackHandler, sharedState, options);

                    try
                    {
                        //..inject my securityManager
                    }
                    catch (Exception e)
                    {
                        throw new IllegalStateException("could not inject securityManager", e);
                    }
                }

                /**
                 * Returns the role groups of the authenticated user, looked up via the security manager.
                 */
                protected Group[] getRoleSets() throws LoginException
                {
                    if (user == null)
                        throw new LoginException("user " + super.getUsername() + " does not exist");
                    return this.securityManager.getRoleSets(user.getId());
                }

                /**
                 * Authenticates the user via the security manager and returns the password
                 * the superclass should compare the supplied one against.
                 */
                protected String getUsersPassword() throws LoginException
                {
                    String[] userInput = super.getUsernameAndPassword();
                    this.user = this.securityManager.login(userInput[0], userInput[1]);
                    if (user == null)
                        throw new LoginException("user " + super.getUsername() + " does not exist");

                    return userInput[1];
                }
            }
            


            • 3. Re: HTTP Auth & callerPrincipal
              ragavgomatam

               Check the forum... I have posted the working code of a custom LoginModule that uses a custom Principal. You could populate whatever you want in your CustomPrincipal... Here is the URL:

              http://www.jboss.com/index.html?module=bb&op=viewtopic&t=125169
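As an added example that is not from this thread or from JBoss itself, one way of doing what the first reply describes and what josh's follow-up asks about (a User that implements Principal, instantiated by the LoginModule): JBoss 4.x's AbstractServerLoginModule exposes a createIdentity(String) hook that login() calls with the raw login string before getUsersPassword(), and whose result commit() adds to the Subject, so overriding it in the UsernamePasswordLoginModule subclass is enough. User, SecurityManagerLocal and their methods are hypothetical stand-ins for the application classes in the thread.

```java
import java.security.Principal;
import java.security.acl.Group;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
/**
 * Login module for "client/username" logins whose caller principal is the User
 * entity itself: User implements java.security.Principal and its getName()
 * returns the bare user name. User and SecurityManagerLocal are hypothetical.
 */
public class ClientUserLoginModule extends UsernamePasswordLoginModule {
    private SecurityManagerLocal securityManager; // hypothetical session bean
    private User user;                            // hypothetical, implements Principal
    @Override
    public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options) {
        super.initialize(subject, handler, sharedState, options);
        securityManager = SecurityManagerLocal.lookup(); // hypothetical JNDI helper
    }

    /**
     * login() calls this with the raw login string before checking the password;
     * the Principal returned here is what commit() adds to the Subject.
     */
    @Override
    protected Principal createIdentity(String login) throws Exception {
        int slash = login.indexOf('/');
        if (slash <= 0 || slash == login.length() - 1) {
            throw new LoginException("login must have the form client/username");
        }
        user = securityManager.findUser(login.substring(0, slash), login.substring(slash + 1));
        if (user == null) {
            throw new LoginException("invalid login"); // no hint whether the user exists
        }
        return user;
    }

    /** Stored hash; the superclass compares it with the supplied password. */
    @Override
    protected String getUsersPassword() throws LoginException {
        return user.getPasswordHash(); // hashAlgorithm/hashEncoding options must match
    }

    @Override
    protected Group[] getRoleSets() throws LoginException {
        return securityManager.getRoleSets(user.getId()); // a "Roles" Group
    }
}
```

Because the superclass does the password comparison, the module's hashAlgorithm and hashEncoding options have to match how getPasswordHash() values were stored.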