2 Replies Latest reply on Feb 17, 2011 6:23 AM by wolfgangknauf

    How to set JAAS CallerPrincipal in a custom LoginModule?

    cchx

      Hi there,

      I have a pretty weird problem:

       

      We have a security concept that is similar to OpenID: To log in you have to call a special URL with a callback URL you are redirected to after successful login. This callback is called with a security token. Using this token you can get a certificate with user details from the security authority.

      Workflow is:

      web.xml invokes LoginRedirect -> redirect to security authority's login page

      security authority -> calls LoginRedirect with security token

      LoginRedirect -> redirect to j_security_check

      j_security_check -> JAAS chain

      JAAS -> LoginModule

      LoginModule -> requests certificate from authority using the token given either in the username or the password (makes no difference), sets CallerPrincipal

      EJB requests sessionContext.getCallerPrincipal() (and receives j_username and not the CallerPrincipal)

       

      But there is a little problem: I create a Group "CallerPrincipal" with a single Principal inside holding the userId I got from the authority, and I expected this userId to be returned when calling sessionContext.getCallerPrincipal(), but I receive the value used as j_username.

      Digging through the code I can see that in JaasSecurityManagerBase.updateCache() the CallerPrincipal is used for info.setPrincipal(). As far as I understand the documentation, my CallerPrincipal should be returned if I invoke sessionContext.getCallerPrincipal(). Or am I missing something obvious?
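A custom LoginModule of the kind the post describes, as an added example (it is not code from the post and not part of JBoss): the value posted to j_security_check is treated as a bearer token, the user id comes only from the security authority, and that user id is exported as the single member of a group named "CallerPrincipal" so that the JBoss security manager picks it up. It assumes the JBoss AS 4/5 AbstractServerLoginModule API, a hypothetical TokenResolver hook handed in as a module option named "tokenResolver", and an assumed role name "authenticated".

```java
package example.security; // hypothetical package, not from the post

import java.security.Principal;
import java.security.acl.Group;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;

import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.AbstractServerLoginModule;

/**
 * Token-based LoginModule: j_username/j_password carry a one-time security token,
 * the authority's certificate decides the real user id, and that user id is
 * published through the "CallerPrincipal" group.
 */
public class TokenLoginModule extends AbstractServerLoginModule {

    /** Hypothetical hook for the certificate lookup at the security authority. */
    public interface TokenResolver {
        /** User id certified for the token, or null if the authority rejects it. */
        String resolveUserId(String token);
    }

    private TokenResolver resolver;
    private Principal identity; // the userId from the authority, never j_username

    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map sharedState, Map options) {
        super.initialize(subject, callbackHandler, sharedState, options);
        // Assumption: the authority client is passed as the module option "tokenResolver";
        // a real module would build it from URL/truststore options instead.
        resolver = (TokenResolver) options.get("tokenResolver");
        if (resolver == null) {
            throw new IllegalStateException("module option 'tokenResolver' is required");
        }
    }

    @Override
    public boolean login() throws LoginException {
        loginOk = false;

        // Read j_username / j_password through the standard JAAS callbacks.
        NameCallback nc = new NameCallback("User name: ");
        PasswordCallback pc = new PasswordCallback("Password: ", false);
        try {
            callbackHandler.handle(new Callback[] { nc, pc });
        } catch (Exception e) {
            throw new LoginException("callback failed: " + e.getMessage());
        }
        // The token may arrive in either field; prefer the password field, then fall
        // back to the name field. Neither field is trusted as the identity.
        char[] pw = pc.getPassword();
        String token = (pw != null && pw.length > 0) ? new String(pw) : nc.getName();
        pc.clearPassword();
        if (token == null || token.length() == 0) {
            throw new LoginException("no security token supplied");
        }

        // Only the authority decides whose token this is.
        String userId = resolver.resolveUserId(token);
        if (userId == null) {
            throw new LoginException("security authority rejected the token");
        }
        identity = new SimplePrincipal(userId);

        loginOk = true;
        return true;
    }

    /** Principal added to the Subject by the base class's commit(). */
    @Override
    protected Principal getIdentity() {
        return identity;
    }

    /**
     * "Roles" holds the authorization roles. "CallerPrincipal" is the JBoss
     * convention for overriding what EJBContext.getCallerPrincipal() returns;
     * it must contain exactly one member.
     */
    @Override
    protected Group[] getRoleSets() throws LoginException {
        Group roles = new SimpleGroup("Roles");
        roles.addMember(new SimplePrincipal("authenticated")); // assumed role name

        Group caller = new SimpleGroup("CallerPrincipal");
        caller.addMember(identity);

        return new Group[] { roles, caller };
    }
}
```

The module is wired in through login-config.xml as the login-module of the application-policy that the web application's security-domain points to. Two things are worth checking when getCallerPrincipal() still returns j_username: that the group is really named "CallerPrincipal" with one member and no "Roles"-style extra entries, and that the running JBoss version's JaasSecurityManagerBase actually honours that group when it fills the cache entry.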