JAAS auth and accessing Principal in EJB
davetron5000 Jul 6, 2007 4:18 PM
My basic problem is that I've got Seam successfully using JAAS for authentication, however the logged-in principal is not showing up on the backend; instead I'm getting the "unauthenticatedIdentity" principal.
JBoss 4.0.5
Seam 1.2.1
I've configured JBoss to use the DatabaseServerLoginModule as such:
<application-policy name="tfdRealm">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="unauthenticatedIdentity">guest</module-option>
      <module-option name="dsJndiName">java:/TFDDB</module-option>
      <module-option name="principalsQuery">select password from user where username=?</module-option>
      <module-option name="rolesQuery">select r.rolename,'Roles' from role r, user u, roleuser ru where r.roleid = ru.roleid and u.userid = ru.userid and u.username = ?</module-option>
    </login-module>
  </authentication>
</application-policy>
My components.xml contains this:
<component name="org.jboss.seam.security.identity" jaas-config-name="tfdRealm" />
My login.xhtml is:
<body>
  <h:messages />
  <h:form>
    <table border="0">
      <tr><td>Username:</td><td><h:inputText value="#{identity.username}" /></td></tr>
      <tr><td>Password:</td><td><h:inputSecret value="#{identity.password}" /></td></tr>
      <tr><td><h:commandButton value="Login" action="#{identity.login}" /></td></tr>
    </table>
  </h:form>
</body>
(extra XML declaration stuff omitted).
Note that I have not implemented an authenticator. Clicking the login button uses the configured policy in JBoss and everything seems to work (valid user/pass logs in, invalid does not).
I have a session bean as follows:
@Stateless
@Name("todoManager")
@SecurityDomain("tfdRealm")
public class StatlessTodoAccess implements TodoAccess,TodoAccessRemote
{
    @PersistenceContext(unitName="tfd")
    private EntityManager itsEntityManager;

    @Resource
    private SessionContext itsContext;

    @Factory("allTodos")
    public List<Todo> getAllTodos()
    {
        org.apache.log4j.Logger logger = org.apache.log4j.Logger.getLogger(getClass().getName());
        Principal caller = itsContext.getCallerPrincipal();
        String username = caller.getName();
        logger.info("caller was " + username);
        Query query = itsEntityManager.createQuery("select u from User u where u.username=:username");
        query.setParameter("username",username);
        try
        {
            User user = (User)query.getSingleResult();
            logger.info("user has " + user.getTodos().size() + " todos");
            return user.getTodos();
        }
        catch (NoResultException e)
        {
            logger.error("No results for " + username,e);
            return new ArrayList<Todo>();
        }
    }
}
accessed via
<body>
  <f:view>
    <f:verbatim>
      <h2>To F'n Do</h2>
      Add New: <input type="text" />
    </f:verbatim>
    <br />
    <f:subview id="allTodos">
      <h:dataTable value="#{allTodos}" var="todo">
        <h:column><b><h:outputText value="#{todo.description}" /></b></h:column>
      </h:dataTable>
    </f:subview>
  </f:view>
</body>
The caller principal returned by getCallerPrincipal() is "guest" and not the username I used to log in.
I'm a bit confused by this; how can I get the EJBs to see my login (and, where did the principal/subject created by my successful login go?)
I've read a previous thread on the subject and I was extremely confused. I downloaded two examples that claim to show JAAS working with Seam; however, one was outdated and the other didn't contain any code. I couldn't find any info in either to help my problem.