4 Replies Latest reply on Sep 7, 2007 4:53 AM by Daniel En

    JAAS auth and accessing Principal in EJB

    David Copeland Newbie

      My basic problem is that I've got Seam successfully using JAAS for authentication, however the logged-in principal is not showing up on the backend; instead I'm getting the "unauthenticatedIdentity" principal.

      Jboss 4.0.5
      Seam 1.2.1

      I've configured JBoss to use the DatabaseServerLoginModule as such:

      <application-policy name = "tfdRealm">
      <authentication>
       <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
       <module-option name = "unauthenticatedIdentity">guest</module-option>
       <module-option name = "dsJndiName">java:/TFDDB</module-option>
       <module-option name = "principalsQuery">select password from user where username=?</module-option>
       <module-option name = "rolesQuery">select r.rolename,'Roles' from role r, user u, roleuser ru where r.roleid = ru.roleid and u.userid = ru.userid and u.username = ?</module-option>
       </login-module>
      </authentication>
      </application-policy>
      


      My components.xml contains this:
      <component name="org.jboss.seam.security.identity" jaas-config-name="tfdRealm" />
      


      My login.xhtml is:

      <body>
      <h:messages />
      <h:form>
      <table border="0">
       <tr><td>Username:</td><td><h:inputText value="#{identity.username}" /></td></tr>
       <tr><td>Password:</td><td><h:inputSecret value="#{identity.password}" /></td></tr>
       <tr><td><h:commandButton value="Login" action="#{identity.login}" /></td></tr>
      </table>
      </h:form>
      </body>
      


      (extra XML declaration stuff omitted).

      Note that I have no implemented an authenticator. Clicking the login button uses the configured policy in JBoss and everything's seems to work (valid user/pass logs in, invalid does not).

      I have a session bean as follows:

      @Stateless
      @Name("todoManager")
      @SecurityDomain("tfdRealm")
      public class StatlessTodoAccess implements TodoAccess,TodoAccessRemote
      {
       @PersistenceContext(unitName="tfd")
       private EntityManager itsEntityManager;
      
       @Resource
       private SessionContext itsContext;
      
       @Factory("allTodos")
       public List<Todo> getAllTodos()
       {
       org.apache.log4j.Logger logger = org.apache.log4j.Logger.getLogger(getClass().getName());
      
       Principal caller = itsContext.getCallerPrincipal();
       String username = caller.getName();
       logger.info("caller was " + username);
      
       Query query = itsEntityManager.createQuery("select u from User u where u.username=:username");
       query.setParameter("username",username);
      
       try
       {
       User user = (User)query.getSingleResult();
       logger.info("user has " + user.getTodos().size() + " todos");
       return user.getTodos();
       }
       catch (NoResultException e)
       {
       logger.error("No results for " + username,e);
       return new ArrayList<Todo>();
       }
      
       }
      }
      


      accessed via

      <body>
      <f:view>
       <f:verbatim>
       <h2>To F'n Do</h2>
       Add New: <input type="text" />
       </f:verbatim>
       <br />
       <f:subview id="allTodos">
       <h:dataTable value="#{allTodos}" var="todo">
       <h:column><b><h:outputText value="#{todo.description}" /></b></h:column>
       </h:dataTable>
       </f:subview>
      </f:view>
      </body>
      


      The caller princpal returned by getCallerPrincipal() is "guest" and not the username I used to log in.

      I'm a bit confused by this; how can I get the EJBs to see my login (and, where did the principal/subject created by my successful login go?)

      I've read a previous thread on the subject and I was extremely confused. I downloaded two examples that claim to show JAAS working with seam, however one was out-dated and the other didn't contain any code. I couldn't find any info in either to help my problem.