6 Replies Latest reply on Jun 13, 2013 4:04 AM by gtmbanerjee

    Custom Principal not returning correct user

    gtmbanerjee

      Hi,

       

      We have JBoss 7.1 standalone-chorus.xml, which defines these security settings:

       

          <security-domain name="teiid-security" cache-type="default">
              <authentication>
                  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
                      <module-option name="usersProperties" value="${jboss.server.config.dir}/teiid-security-users.properties"/>
                      <module-option name="rolesProperties" value="${jboss.server.config.dir}/teiid-security-roles.properties"/>
                  </login-module>
              </authentication>
          </security-domain>
          <security-domain name="chorus-teiid-security" cache-type="default">
              <authentication>
                  <login-module code="com.ca.mfui.chorusR2.common.security.ChorusLoginModule" flag="required"/>
              </authentication>
          </security-domain>
          <security-domain name="chorus-login-security" cache-type="default">
              <authentication>
                  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="sufficient">
                      <module-option name="usersProperties" value="${jboss.server.config.dir}/teiid-security-users.properties"/>
                      <module-option name="rolesProperties" value="${jboss.server.config.dir}/teiid-security-roles.properties"/>
                  </login-module>
                  <login-module code="com.ca.mfui.chorusR2.common.security.ChorusLoginModule" flag="sufficient"/>
              </authentication>
          </security-domain>

          <transport name="embedded">
              <authentication security-domain="chorus-login-security"/>
          </transport>
          <transport name="jdbc" socket-binding="teiid-jdbc">
              <authentication security-domain="teiid-security,chorus-teiid-security"/>
          </transport>

       

      We have a custom principal with the user added as subject in the commit() method of ChorusLoginModule. When we try to get the user in a specific translator, it doesn't return the logged-in user but the admin user.

       

      Thanks

      Gautam

        • 1. Re: Custom Principal not returning correct user
          rareddy

          Are you using the ExecutionContext.getSubject() call?

          • 2. Re: Custom Principal not returning correct user
            gtmbanerjee

            Yes, it is returning the CallerPrincipal with the admin user instead of the logged-in user. The custom principal is not returned.

            • 3. Re: Custom Principal not returning correct user
              rareddy

              What admin user? What does your Teiid session information say? Which version of Teiid? Do you have any testcase?

              • 4. Re: Custom Principal not returning correct user
                gtmbanerjee

                Sorry for the delay in replying, was occupied with something else.

                 

                The teiid version is 8.1. The teiid session information says that the user name is admin@chorus-login-security

                 

                session: sessionid=vLi3FqKEgdua; userName=admin@chorus-login-security; vdbName=Chorus; vdbVersion=1; createdTime=Tue Jun 11 17:23:39 IST 2013; applicationName=JDBC; clientHostName=null; clientHardwareAddress=null; IPAddress=null; securityDomain=chorus-login-security; lastPingTime=Tue Jun 11 17:23:39 IST 2013

                 

                We don't have a testcase because this is related to the JBoss configuration and Teiid, and we are not sure whether this can be reproduced on embedded Teiid.

                 

                We have made a tweak in the jboss configuration. It returns the ChorusPrincipal but the user is admin. Please let us know how to resolve.

                 

                The tweak is

                 

                    <security-domain name="chorus-teiid-security" cache-type="default">
                        <authentication>
                            <login-module code="com.ca.mfui.chorusR2.common.security.ChorusLoginModule" flag="required"/>
                        </authentication>
                    </security-domain>
                    <security-domain name="chorus-login-security" cache-type="default">
                        <authentication>
                            <login-module code="com.ca.mfui.chorusR2.common.security.ChorusLoginModule" flag="sufficient"/>
                            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="sufficient">
                                <module-option name="usersProperties" value="${jboss.server.config.dir}/teiid-security-users.properties"/>
                                <module-option name="rolesProperties" value="${jboss.server.config.dir}/teiid-security-roles.properties"/>
                            </login-module>
                        </authentication>
                    </security-domain>

                    <transport name="embedded">
                        <authentication security-domain="chorus-login-security"/>
                    </transport>
                    <transport name="jdbc" socket-binding="teiid-jdbc">
                        <authentication security-domain="chorus-teiid-security"/>
                    </transport>

                • 5. Re: Custom Principal not returning correct user
                  rareddy

                  The returned subject can have more than a single principal depending upon how you coded it. So, you are saying that you log in with user 'X' and you will see the "admin" user at the translator? I suggest running in debug mode and walking through the code. Also try changing "sufficient" to "required" in the above XML for the "flag" attribute. Also, your chaining may be in the wrong order; have ChorusLoginModule after the UserLoginModule. That usually depends on which module is doing the authentication call?

                   

                  When you use the default login module that comes with Teiid, do you see the same user that logged in at the translator? I cannot say what is going wrong without looking at the code and understanding what you are trying to accomplish.

                   

                  Ramesh..

                  • 6. Re: Custom Principal not returning correct user
                    gtmbanerjee

                    When the user logs in, the ChorusLoginModule is not called. It seems some JBoss configuration is missing. Currently researching it. I have added a security domain to jboss-web.xml and also added the domain to the application realm, but it is still not working.
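
Added example, not code from the thread or from JBoss/Teiid: the security domains above are stacks of JAAS login modules, and under the standard JAAS control flags a "sufficient" module that succeeds ends the stack, so a module listed after it never runs commit() and never adds its principal to the Subject. The sketch below compares "sufficient" and "required" stacks using two hypothetical stand-in modules (FileModule for a properties-file module, CustomModule for an application module); every class name in it is an assumption.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class StackingDemo {
    // Hypothetical principal types; CustomPrincipal stands in for an application-specific principal.
    static class FilePrincipal implements Principal { public String getName() { return "admin"; } }
    static class CustomPrincipal implements Principal { public String getName() { return "admin"; } }

    // Hypothetical stand-in for a properties-file module: always authenticates the caller.
    public static class FileModule implements LoginModule {
        protected Subject subject;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; }
        public boolean login() { return true; }
        public boolean commit() { subject.getPrincipals().add(new FilePrincipal()); return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    // Hypothetical stand-in for a custom module that attaches its own principal in commit().
    public static class CustomModule extends FileModule {
        @Override public boolean commit() { subject.getPrincipals().add(new CustomPrincipal()); return true; }
    }

    // Logs in through the given stack (every entry uses the same flag) and reports which principal types were committed.
    static Set<String> principalTypes(LoginModuleControlFlag flag, Class<?>... modules) throws LoginException {
        AppConfigurationEntry[] stack = Arrays.stream(modules)
            .map(m -> new AppConfigurationEntry(m.getName(), flag, Map.of()))
            .toArray(AppConfigurationEntry[]::new);
        Configuration cfg = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) { return stack; }
        };
        LoginContext lc = new LoginContext("demo", new Subject(), null, cfg);
        lc.login();
        Set<String> types = new TreeSet<>();
        for (Principal p : lc.getSubject().getPrincipals()) types.add(p.getClass().getSimpleName());
        return types;
    }

    public static void main(String[] args) throws LoginException {
        System.out.println(principalTypes(LoginModuleControlFlag.SUFFICIENT, FileModule.class, CustomModule.class));
        System.out.println(principalTypes(LoginModuleControlFlag.SUFFICIENT, CustomModule.class, FileModule.class));
        System.out.println(principalTypes(LoginModuleControlFlag.REQUIRED, FileModule.class, CustomModule.class));
    }
}
```

When checking a real domain, the same question applies to each transport: which module in the stack is the first to succeed, and does any module after it still need to run commit().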