1 Reply Latest reply on Jan 20, 2013 8:17 AM by Daniel Tavares

    Custom role in custom login module

    Daniel Tavares Newbie

      Hello

       

       

      I`ve devepoed a custom login module that add a custom role in principal.

       

      The problem is that jboss ignore my role. Files>

       

       

      public class LeveJaasGroupPrincipal implements Group {
       nane ....
      }
      

       

       

      public class LeveJaasLoginModule implements LoginModule {
      ...
        public boolean commit() throws LoginException {
             subject.getPrincipals().add(currentUser); 
             subject.getPrincipals().addAll(currentUser.getGroups()); 
             subject.getPublicCredentials().addAll(currentUser.getGroups()); // works fine. Add a LeveJaasGroupPrincipal with name LeveUser
       }
      ...
      }
      

      web.xml

       

       

       

      
      <security-role>
      
      
      
      
      <description>Main Group</description>
      
      
      
      
      <role-name>LeveUser</role-name>
      
      
      </security-role>
      
      
      
      
      <security-constraint>
      
      
      
      
      <web-resource-collection>
      
      
      
      
      
      
      <web-resource-name>All resources</web-resource-name>
      
      
      
      
      
      
      <description>Protects all resources</description>
      
      
      
      
      
      
      <url-pattern>/*</url-pattern>
      
      
      
      
      </web-resource-collection>
      
      
      
      
      <auth-constraint>
      
      
      
      
      
      
      <role-name>LeveUser</role-name>
      
      
      
      
      </auth-constraint>
      
      
      </security-constraint>
      
      
      
      
      
      
      <login-config>
      
      
      
      
      <auth-method>FORM</auth-method>
      
      
      
      
      <realm-name>LeveAuthDomain</realm-name>
      
      
      
      
      <form-login-config>
      
      
      
      
      
      
      <form-login-page>/WEB-INF/login.jsp</form-login-page>
      
      
      
      
      
      
      <form-error-page>/WEB-INF/loginError.jsp</form-error-page>
      
      
      
      
      </form-login-config>
      
      
      </login-config>
      
      

       

       

      After logi a got the error "HTTP Status 403 - Access to the requested resource has been denied"

       

      What should i do to jboss recognize my group type?

        • 1. Re: Custom role in custom login module
          Daniel Tavares Newbie

          ok, after a long debugging nigh, i found it:

           

          I  just need to add a main group called "Roles" (org.jboss.security.SecurityConstants.ROLES_IDENTIFIER in fact).

           

          code:

           

          LeveJaasGroupPrincipal mainGroup = new LeveJaasGroupPrincipal();

          mainGroup.setName("Roles");

          for(Group g:  currentUser.getGroups()){

               mainGroup.addMember(g);

          }

          subject.getPrincipals().add(mainGroup);

           

          I dont know if there is a better solution to do it, but it solve my problem