4 Replies Latest reply on Dec 17, 2007 11:41 AM by Guy M. Spillman, Jr.

    Problems with SynchronizingLoginModule

    Guy M. Spillman, Jr. Newbie

      I am encountering two problems when utilizing the SynchronizingLoginModule.

      1. Role assignments are still syncing even when "synchronizeRoles" is set to false

      2. Dashboard displays the following error. It is fixed by removing the "SynchronizingLoginModule" from login-config.xml

      HTTP Status 403 -
      --------------------------------------------------------------------------------
      type Status report
      message
      description Access to the specified resource () has been forbidden.
      --------------------------------------------------------------------------------
      JBossWeb/2.0.0.GA

      Both problems were discovered using JaasLounge (http://jaaslounge.sourceforge.net/) NTLMLoginModule, but can be duplicated using JBoss' UsersRolesLoginModule.

      The Dashboard problem was originally discussed in the following thread, but seems to be a different problem since it can be duplicated using JBoss code only.
      http://www.jboss.com/index.html?module=bb&op=viewtopic&t=119733

      Configuration:
      Windows XP Professional Service Pack 2
      JBoss Portal 2.6.2 + JBoss AS 4.2.1 Bundle

      ${jboss.server.home.dir}\deploy\jboss-portal.sar\conf\login-config.xml:
      <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
       <module-option name="unauthenticatedIdentity">guest</module-option>
       <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
       <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
       <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
       <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
       <module-option name="additionalRole">Authenticated</module-option>
       <module-option name="password-stacking">useFirstPass</module-option>
      </login-module>
      
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required" />
      
      <login-module code="org.jboss.portal.identity.auth.SynchronizingLoginModule" flag="optional">
       <module-option name="synchronizeIdentity">true</module-option>
       <module-option name="synchronizeRoles">false</module-option>
       <module-option name="additionalRole">Authenticated</module-option>
       <module-option name="defaultAssignedRole">User</module-option>
       <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
       <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
       <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
       <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
      </login-module>
      

      ${jboss.server.home.dir}\conf\defaultRoles.properties:
      testuser=test
      testuser2=test2
      

      ${jboss.server.home.dir}\conf\defaultUsers.properties:
      testuser=testrole1,testrole2
      testuser2=testrole3,testrole4
      


      Procedure:
      1. Apply above configuration, run JBoss, and navigate to portal using browser.
      2. Login using testuser/test.
      3. Logout
      4. Login using admin/admin
      5. Click on the "Admin" link
      6. Click on the "Members" tab
      7. Click on "User Management" sub tab
      8. Click on "Search Users" link
      9. Find the "testuser" that should have been auto created in step #2
      10. Click on "Role Management" sub tab
      11. Click on "Create New Role" link
      12. Enter "portalrole" for both "Role" and "Display Name" edit boxes
      13. Click "Submit" button
      14. Click on "User Management" sub tab
      15. Click on "Search Users" link
      16. Click on the "Roles" link to the right of "testuser"
      17. Click the "portalrole" checkbox.
      18. Click the "Submit" button.
      19. Logout
      20. Login using testuser/test
      21. Navigate around the portal at your leisure (Sometimes this step can be skipped)
      22. Logout
      23. Login using admin/admin
      24. Click on the "Admin" link
      25. Click on the "Members" tab
      26. Click on "User Management" sub tab
      27. Click on "Search Users" link
      28. Click on the "Roles" link to the right of "testuser"

      The "portalrole" is now not checked. If the synchronizeRoles is set to false, how can this be?

      29. Logout
      30. Login using testuser/test
      31. Click the "Dashboard" link.

      The HTTP Status 403 error described above will be displayed.

      Any help would be appreciated. This problem is holding us up from deploying to a production environment.