
    EjbContext CallerPrincipal is always anonymous

    jsofti

      Hello,

       

      we're trying to set up LDAP authentication with AS 7.1 and we need help.

       

      We managed to authenticate with our LDAP server, but now we have the problem that when we call ejbContext.getCallerPrincipal().getName() the result is always "anonymous".

       

      It seems that the login name isn't propagated correctly to the EJBContext. Is that a bug, or are we doing something wrong?

       

      Thank you for any help.

       

       

                     
            <security-realms>
                  <security-realm name="ManagementRealm">
                      <authentication>
                          <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                      </authentication>
                  </security-realm>
                  <security-realm name="ApplicationRealm">
                      <authentication>
                          <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                      </authentication>
                  </security-realm>
                  <!-- NOTE(review): LDAP-backed realm (host, port and base DN are redacted as xxx).
                       The ldap:// scheme is an unencrypted connection unless TLS is negotiated on it,
                       so the credentials used for the bind would cross the network in the clear;
                       confirm ldaps:// or StartTLS in the real configuration. -->
                  <security-realm name="TestRealm">
                      <authentication>
                          <ldap connection="ldap://xxxxx:xxx" base-dn="ou=xxx,dc=dev,dc=xx">
                              <!-- {0} is replaced by the supplied user name; sAMAccountName is the Active Directory login attribute -->
                              <advanced-filter filter="(sAMAccountName={0})"/>
                          </ldap>
                      </authentication>
                  </security-realm>
              </security-realms>
           ...
                     <!-- NOTE(review): the security domain that LoginContext("xxx_ldap_domain") in the
                          LoginController resolves. java.naming.security.authentication=simple over a plain
                          ldap:// URL sends the user's password to the directory unencrypted unless TLS is
                          used on that connection; confirm ldaps:// or StartTLS in the real configuration.
                          cache-type="default" presumably keeps authenticated subjects cached for the domain. -->
                     <security-domain name="xxx_ldap_domain" cache-type="default">
                          <authentication>
                              <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
                                  <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                                  <module-option name="java.naming.provider.url" value="ldap://xxxxx:xxx"/>
                                  <module-option name="java.naming.security.authentication" value="simple"/>
                                  <!-- presumably milliseconds, as for the JNDI search time limit it maps to - confirm -->
                                  <module-option name="searchTimeLimit" value="5000"/>
                                  <!-- appended to the entered user name when forming the bind principal (user@xxx) -->
                                  <module-option name="principalDNSuffix" value="@xxx"/>
                                  <module-option name="searchScope" value="ONELEVEL_SCOPE"/>
                                  <module-option name="realm" value="TestRealm"/>
                              </login-module>
                          </authentication>
                      </security-domain>
      

      LoginController

       


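      /**
       * Authenticates the form's user name and password against the
       * {@code xxx_ldap_domain} security domain through JAAS, then redirects
       * the browser to {@code index.html}. Failures are logged and not
       * propagated: the caller gets neither a return value nor an exception.
       *
       * NOTE(review): a standalone {@link LoginContext#login()} authenticates
       * against the domain but does not, by itself, attach the resulting
       * Subject to the web request or to the EJB container's security context.
       * That is presumably why {@code EJBContext.getCallerPrincipal()} later
       * reports "anonymous"; confirm against the container's web-tier login
       * mechanism before relying on this path.
       */
      public void doLogin() {
          try {
              CallbackHandler handler = new UserPassHandler(this.userName, this.pass);
              LoginContext lc = new LoginContext("xxx_ldap_domain", handler);
              getLogger().debug("login called");
              lc.login();
              // Log only the principals: Subject.toString() also renders the
              // Subject's credentials, which can put the LDAP password into the log.
              getLogger().debug("login ok, principals=" + lc.getSubject().getPrincipals());

              ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
              context.redirect("index.html");
              // Tell JSF the response is finished so it does not render the current view as well.
              FacesContext.getCurrentInstance().responseComplete();
          } catch (Exception e) {
              // Boundary handler: login and redirect failures end here instead of
              // reaching the JSF action caller.
              getLogger().fatal("Login failed", e);
          }
      }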



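      /**
       * JAAS {@link CallbackHandler} that answers a {@link NameCallback} with a
       * fixed user name and a {@link PasswordCallback} with a fixed password.
       * Any other callback type is rejected with an
       * {@link UnsupportedCallbackException}.
       *
       * NOTE(review): the password is held as a {@code String} and so cannot be
       * cleared once the login has completed; a {@code char[]} that is wiped
       * after {@code login()} would shorten its lifetime in the heap.
       */
      class UserPassHandler implements CallbackHandler {
          private final String user;
          private final String pass;

          /**
           * Package-private: the enclosing controller is the only intended caller.
           *
           * @param user value supplied to every {@link NameCallback}
           * @param pass value supplied, as a fresh char array, to every {@link PasswordCallback}
           */
          UserPassHandler(String user, String pass) {
              this.user = user;
              this.pass = pass;
          }

          /**
           * Fills in the name and password callbacks in the order given.
           *
           * @param callbacks callbacks posed by the login module
           * @throws UnsupportedCallbackException if a callback is neither a
           *     {@link NameCallback} nor a {@link PasswordCallback}
           */
          @Override
          public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
              for (Callback callback : callbacks) {
                  if (callback instanceof NameCallback) {
                      ((NameCallback) callback).setName(user);
                  } else if (callback instanceof PasswordCallback) {
                      // toCharArray() yields a new array each time, so the
                      // callback may clear its copy without affecting this handler.
                      ((PasswordCallback) callback).setPassword(pass.toCharArray());
                  } else {
                      throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
                  }
              }
          }
      }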

       

      Sample call (EJB)

       

       


      /** Container-injected EJB context; read by logCaller() to obtain the caller principal. */
      @Resource

      EJBContext ctx;



      /**
       * Logs, at debug level, the name of the principal the EJB container
       * associates with the current invocation. Nothing is logged when the
       * container hands back no principal at all.
       *
       * NOTE(review): "anonymous" is what this reports when no authenticated
       * identity is attached to the invocation; whether the container can ever
       * return null here is not established by this code.
       */
      public void logCaller() {
          Principal caller = ctx.getCallerPrincipal();
          if (caller == null) {
              return;
          }
          getLogger().debug("ejbContext: " + caller.getName());
      }