Strange behavior with PolicyContext and obtaining HttpServletRequest
steve_167 Jun 7, 2013 8:17 PM
SETUP:
I deploy multiple WARs, some of which are protected by a custom security domain with a custom JAAS login module as defined in the JBoss AS configuration file and some of which are unsecured. The login module JAR for the login module that protects the secured webapps is contained in its own JBoss user-defined module. In the login module the PolicyContext is leveraged to obtain the current HttpServletRequest as follows:
HttpServletRequest request = (HttpServletRequest)PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
PROBLEM:
If I deploy all the WARs, the login module works as expected and there are no problems. HOWEVER, if I undeploy ANY of the WARs and a new user comes along to any of the other secured web applications, the above line of code to obtain the servlet request results in the following exception:
13:03:35,335 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (ajp--0.0.0.0-8009-1) Login failure: javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: No PolicyContextHandler for key=javax.servlet.http.HttpServletRequest
at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:117)
If I then redeploy ANY of the web applications, the problem goes away. It's only on undeployment -- and it doesn't matter whether the webapp I undeploy is a secured or unsecured web application.
THOUGHTS:
It seems like the policy context handler for the request is being deregistered whenever any WAR is undeployed and then reregistered upon deployment of any webapp.
Any ideas? I might file this as a bug with JBoss AS.
Edit: I got a chance to grep the JBoss 7 trunk codebase to see where PolicyContext handler registration occurs and this was the only thing I found. It looks like the JBossWebRealmService is responsible for this.
$ find . -type f -name "*.java" -exec grep "PolicyContext.register" {} \; -print
PolicyContext.registerHandler(SecurityConstants.SUBJECT_CONTEXT_KEY, handler, true);
PolicyContext.registerHandler(SecurityConstants.CALLBACK_HANDLER_KEY, chandler, true);
./security/src/main/java/org/jboss/as/security/service/SecurityBootstrapService.java
PolicyContext.registerHandler(SecurityConstants.WEB_REQUEST_KEY, handler, true);
./web/src/main/java/org/jboss/as/web/security/JBossWebRealmService.java
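An added example, not part of the original post and not JBoss code: a lookup helper a custom login module could call so that a missing handler fails the login closed and records which handler keys are registered at that moment, which helps confirm the deregistration-on-undeploy hypothesis above. The class name `RequestContextLookup` and its method are hypothetical; the key string is the one from the post.

```java
import java.util.Set;
import javax.security.auth.login.LoginException;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.servlet.http.HttpServletRequest;

// Hypothetical helper (name is an assumption, not a JBoss class).
public final class RequestContextLookup {
    // Key string exactly as used in the post.
    static final String WEB_REQUEST_KEY = "javax.servlet.http.HttpServletRequest";

    private RequestContextLookup() {}

    /** Returns the current request, or rejects the login with a diagnostic message. */
    public static HttpServletRequest currentRequest() throws LoginException {
        // Snapshot the registered handler keys before the lookup so the
        // failure message shows what the container has registered right now.
        Set<?> keys = PolicyContext.getHandlerKeys();
        if (!keys.contains(WEB_REQUEST_KEY)) {
            throw new LoginException("No PolicyContextHandler for " + WEB_REQUEST_KEY
                    + "; registered keys=" + keys
                    + "; contextID=" + PolicyContext.getContextID());
        }
        Object ctx;
        try {
            ctx = PolicyContext.getContext(WEB_REQUEST_KEY);
        } catch (PolicyContextException e) {
            throw wrap("Handler failed for " + WEB_REQUEST_KEY, e);
        } catch (IllegalArgumentException e) {
            // The handler was removed between the key check and the lookup.
            throw wrap("Handler vanished for " + WEB_REQUEST_KEY, e);
        }
        // A null or unexpected object means there is no usable web request:
        // reject the login instead of continuing without request data.
        if (!(ctx instanceof HttpServletRequest)) {
            throw new LoginException("No HttpServletRequest available from PolicyContext");
        }
        return (HttpServletRequest) ctx;
    }

    private static LoginException wrap(String message, Exception cause) {
        LoginException le = new LoginException(message);
        le.initCause(cause); // keep the original stack trace for the server log
        return le;
    }
}
```

Comparing the logged key set before and after undeploying a WAR shows whether the `javax.servlet.http.HttpServletRequest` handler is the only registration that disappears.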