Custom principal is not propagated to ejb session context (resteasy3 + oauth)
Hello,
I'm using resteasy 3.0.1 Final with oauth in JBoss 6.1 EAP and my custom principal class is not propagated to sessioncontext in an EJB3.
Oauth is configured as BearerTokenAuthenticator
My login-module configuration in standalone.xml to use extended login module
<login-module code="es.gc.epsilon.secure.api.shared.resources.MyDatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/EpsilonXADS"/>
<module-option name="principalsQuery" value="select PASSWORD from EP_USER where name=?"/>
<module-option name="rolesQuery" value="select ROLE_NAME, 'Roles' from EP_USER_ROLE where USER_NAME = ?"/>
<module-option name="hashAlgorithm" value="MD5"/>
<module-option name="hashEncoding" value="base64"/>
<module-option name="unauthenticatedIdentity" value="guest"/>
</login-module>
My DatabaseServerLoginModule:
public class MyDatabaseServerLoginModule extends DatabaseServerLoginModule {
@Override
protected java.security.Principal createIdentity(String username) throws Exception {
System.out.println("createIdentity BEGIN");
MyCustomPrincipal p = null;
if (principalClassName == null) {
p = new MyCustomPrincipal(username);
} else {
p = (MyCustomPrincipal) super.createIdentity(username);
}
return p;
}
...
My custom principal
public class MyCustomPrincipal extends SimplePrincipal implements Serializable {
private static final long serialVersionUID = 1L;
private String tenant;
public MyCustomPrincipal(String name) {
super(name);
// TODO Auto-generated constructor stub
}
...
My oauth server configuration:
jboss-web.xml
<jboss-web>
<security-domain>java:/jaas/jaasEpsilon</security-domain>
<valve>
<class-name>org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve</class-name>
</valve>
</jboss-web>
My api rest configuration project:
web.xml
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>jaasEpsilon</realm-name>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>All resources</web-resource-name>
<description>Protects all resources</description>
<url-pattern>/api/secure/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>employee</role-name>
</auth-constraint>
</security-constraint>
<context-param>
<param-name>resteasy.role.based.security</param-name>
<param-value>true</param-value>
</context-param>
jboss-deployment-structure
<jboss-deployment-structure>
<deployment>
<dependencies>
<module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/>
<module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
<module name="org.jboss.resteasy.skeleton-key"/>
</dependencies>
</deployment>
</jboss-deployment-structure>
jboss-web.xml
<jboss-web>
<valve>
<class-name>org.jboss.resteasy.skeleton.key.as7.BearerTokenAuthenticatorValve</class-name>
</valve>
</jboss-web>
From an EJB I extract principal info as
@Resource(name = "sessionContext")
private SessionContext sctx;
...
Principal principal = sctx.getCallerPrincipal();
if (!(principal instanceof MyCustomPrincipal)) {
System.out.println("I expected a " + MyCustomPrincipal.class.getName() + " but got a "
+ principal.getClass().getName() + " instead !!!!!!");
and the result is:
I expected a es.gc.epsilon.secure.api.shared.resources.MyCustomPrincipal but got a org.jboss.resteasy.skeleton.key.SkeletonKeyPrincipal instead
Is this a bug, is there another way to retrieve the caller principal, is there any wrong configuration?
Thanks.
