This content has been marked as final.
Show 3 replies
-
1. Re: No principals found in domain error
kpalania Sep 12, 2007 10:16 AM (in response to kpalania)In the case where this IS an error, I see the org.jboss.security.jacc.DelegatingPolicy class (and the implies() API) come into play, while in the other (working) case, I see the ContextPolicy and the implies() API in that class come into play...
So, there is definitely some difference but whether or not this is what is causing the problem, I don't know at this point :( -
2. Re: No principals found in domain error
kpalania Sep 12, 2007 10:30 AM (in response to kpalania)public boolean implies(ProtectionDomain domain, Permission permission) { // Check the boolean isJaccPermission = permission instanceof EJBMethodPermission || permission instanceof EJBRoleRefPermission || permission instanceof WebResourcePermission || permission instanceof WebRoleRefPermission || permission instanceof WebUserDataPermission; boolean implied = false; // If there are external permission types check them if( isJaccPermission == false && externalPermissionTypes.length > 0 ) { Class pc = permission.getClass(); for(int n = 0; n < externalPermissionTypes.length; n ++) { Class epc = externalPermissionTypes[n]; if( epc.isAssignableFrom(pc) ) { isJaccPermission = true; break; } } } if (isJaccPermission == false) { // Let the delegate policy handle the check implied = delegate.implies(domain, permission); } else { if (trace) { log.trace("implies, domain=" + domain + ", permission=" + permission); try { Subject caller = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); log.trace("implies javax.security.auth.Subject.container: "+caller); } catch(Throwable e) { log.trace("Failed to access Subject context", e); } } String contextID = PolicyContext.getContextID(); ContextPolicy contextPolicy = (ContextPolicy) activePolicies.get(contextID); if (contextPolicy != null) implied = contextPolicy.implies(domain, permission); else if (trace) log.trace("No PolicyContext found for contextID=" + contextID); } if (trace) { log.trace("implied=" + implied); } return implied; }
It is this piece of code in DelegatingPolicy.java that is relevant to my case (I'm pretty sure). In the case where it fails, isJaccPermission is FALSE. Now, how do I fix this :( -
3. Re: No principals found in domain error
kpalania Sep 12, 2007 10:43 AM (in response to kpalania)Principal[] principals = domain.getPrincipals();
This returns NULL (in ContextPolicy.implies) and leads to the issue. Why does the ProtectionDomain not return the principals set in the Tomcat authenticator (I've implemented a Custom Tomcat Valve).
Is this a JBoss Portal bug?