3 Replies Latest reply on Sep 12, 2007 10:43 AM by krish p

    No principals found in domain error

    krish p Novice

      2007-09-11 20:12:28,333 TRACE [org.jboss.security.jacc.ContextPolicy] No principals found in domain: ProtectionDomain null
      null
      <no principals>

      How can I fix this? I see this when I try to access JBoss Portal (that is integrated with our application).

      I tried to get the subject, add principals to it, and use SecurityAssociation to set it back as well. But no difference :(

        • 1. Re: No principals found in domain error
          krish p Novice

          In the case where this IS an error, I see the org.jboss.security.jacc.DelegatingPolicy class (and the implies() API) come into play, while in the other (working) case, I see the ContextPolicy and the implies() API in that class come into play...

          So, there is definitely some difference but whether or not this is what is causing the problem, I don't know at this point :(

          • 2. Re: No principals found in domain error
            krish p Novice

             

            public boolean implies(ProtectionDomain domain, Permission permission)
             {
             // Check the
             boolean isJaccPermission = permission instanceof EJBMethodPermission
             || permission instanceof EJBRoleRefPermission
             || permission instanceof WebResourcePermission
             || permission instanceof WebRoleRefPermission
             || permission instanceof WebUserDataPermission;
             boolean implied = false;
             // If there are external permission types check them
             if( isJaccPermission == false && externalPermissionTypes.length > 0 )
             {
             Class pc = permission.getClass();
             for(int n = 0; n < externalPermissionTypes.length; n ++)
             {
             Class epc = externalPermissionTypes[n];
             if( epc.isAssignableFrom(pc) )
             {
             isJaccPermission = true;
             break;
             }
             }
             }
            
             if (isJaccPermission == false)
             {
             // Let the delegate policy handle the check
             implied = delegate.implies(domain, permission);
             }
             else
             {
             if (trace)
             {
             log.trace("implies, domain=" + domain + ", permission=" + permission);
             try
             {
             Subject caller = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
             log.trace("implies javax.security.auth.Subject.container: "+caller);
             }
             catch(Throwable e)
             {
             log.trace("Failed to access Subject context", e);
             }
             }
             String contextID = PolicyContext.getContextID();
             ContextPolicy contextPolicy = (ContextPolicy) activePolicies.get(contextID);
             if (contextPolicy != null)
             implied = contextPolicy.implies(domain, permission);
             else if (trace)
             log.trace("No PolicyContext found for contextID=" + contextID);
             }
             if (trace)
             {
             log.trace("implied=" + implied);
             }
             return implied;
             }


            It is this piece of code in DelegatingPolicy.java that is relevant to my case (I'm pretty sure). In the case where it fails, isJaccPermission is FALSE. Now, how do I fix this :(

            • 3. Re: No principals found in domain error
              krish p Novice

               

              Principal[] principals = domain.getPrincipals();
              


              This returns NULL (in ContextPolicy.implies) and leads to the issue. Why does the ProtectionDomain not return the principals set in the Tomcat authenticator (I've implemented a Custom Tomcat Valve).

              Is this a JBoss Portal bug?