6 Replies Latest reply on Jun 13, 2013 4:04 AM by Gautam Banerjee

    Custom Principal not returning correct user

    Gautam Banerjee Newbie

      Hi,

       

      We have JBoss 7.1 standalone-chorus.xml, which defines these security settings:

       

      <security-domain name="teiid-security" cache-type="default">
          <authentication>
              <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
                  <module-option name="usersProperties" value="${jboss.server.config.dir}/teiid-security-users.properties"/>
                  <module-option name="rolesProperties" value="${jboss.server.config.dir}/teiid-security-roles.properties"/>
              </login-module>
          </authentication>
      </security-domain>
      <security-domain name="chorus-teiid-security" cache-type="default">
          <authentication>
              <login-module code="com.ca.mfui.chorusR2.common.security.ChorusLoginModule" flag="required"/>
          </authentication>
      </security-domain>
      <security-domain name="chorus-login-security" cache-type="default">
          <authentication>
              <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="sufficient">
                  <module-option name="usersProperties" value="${jboss.server.config.dir}/teiid-security-users.properties"/>
                  <module-option name="rolesProperties" value="${jboss.server.config.dir}/teiid-security-roles.properties"/>
              </login-module>
              <login-module code="com.ca.mfui.chorusR2.common.security.ChorusLoginModule" flag="sufficient"/>
          </authentication>
      </security-domain>

      <transport name="embedded">
          <authentication security-domain="chorus-login-security"/>
      </transport>
      <transport name="jdbc" socket-binding="teiid-jdbc">
          <authentication security-domain="teiid-security,chorus-teiid-security"/>
      </transport>

       

      We have a custom principal with the user added as subject in the commit() method of ChorusLoginModule. When we try to get the user in a specific translator, it doesn't return the logged-in user but the admin user.

       

      Thanks

      Gautam

        • 1. Re: Custom Principal not returning correct user
          Ramesh Reddy Master

          Are you using the ExecutionContext.getSubject() call?

          • 2. Re: Custom Principal not returning correct user
            Gautam Banerjee Newbie

            Yes, it is returning the CallerPrincipal with the admin user instead of the logged-in user. The custom principal is not returned.

            • 3. Re: Custom Principal not returning correct user
              Ramesh Reddy Master

              What admin user? What does your Teiid session information say? Which version of Teiid? Do you have any testcase?

              • 4. Re: Custom Principal not returning correct user
                Gautam Banerjee Newbie

                Sorry for the delay in replying, was occupied with something else.

                 

                The Teiid version is 8.1. The Teiid session information says that the user name is admin@chorus-login-security

                 

                session: sessionid=vLi3FqKEgdua; userName=admin@chorus-login-security; vdbName=Chorus; vdbVersion=1; createdTime=Tue Jun 11 17:23:39 IST 2013; applicationName=JDBC; clientHostName=null; clientHardwareAddress=null; IPAddress=null; securityDomain=chorus-login-security; lastPingTime=Tue Jun 11 17:23:39 IST 2013

                 

                We don't have a test case because this is related to JBoss configuration and Teiid, and we are not sure whether this can be reproduced on embedded Teiid.

                 

                We have made a tweak in the jboss configuration. It returns the ChorusPrincipal but the user is admin. Please let us know how to resolve.

                 

                The tweak is

                 

                <security-domain name="chorus-teiid-security" cache-type="default">
                    <authentication>
                        <login-module code="com.ca.mfui.chorusR2.common.security.ChorusLoginModule" flag="required"/>
                    </authentication>
                </security-domain>
                <security-domain name="chorus-login-security" cache-type="default">
                    <authentication>
                        <login-module code="com.ca.mfui.chorusR2.common.security.ChorusLoginModule" flag="sufficient"/>
                        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="sufficient">
                            <module-option name="usersProperties" value="${jboss.server.config.dir}/teiid-security-users.properties"/>
                            <module-option name="rolesProperties" value="${jboss.server.config.dir}/teiid-security-roles.properties"/>
                        </login-module>
                    </authentication>
                </security-domain>

                <transport name="embedded">
                    <authentication security-domain="chorus-login-security"/>
                </transport>
                <transport name="jdbc" socket-binding="teiid-jdbc">
                    <authentication security-domain="chorus-teiid-security"/>
                </transport>

                • 5. Re: Custom Principal not returning correct user
                  Ramesh Reddy Master

                  The returned subject can have more than a single principal, depending upon how you coded it. So, you are saying that you log in with user 'X' and you see the "admin" user at the translator? I suggest running in debug mode and walking through the code. Also try changing "sufficient" to "required" in the above XML for the "flag" attribute. Also, your chaining may be in the wrong order; have ChorusLoginModule after the UserLoginModule. That usually depends on which module is doing the authentication call.

                   

                  When you use the default login module that comes with Teiid, do you see the same user that logged in at the translator? I cannot say what is going wrong without looking at the code and understanding what you are trying to accomplish.

                   

                  Ramesh..
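
Added example, not part of the thread and not the poster's ChorusLoginModule: a plain-JAAS sketch of how the "sufficient" and "required" flags discussed above decide which modules in a two-module stack reach commit(), and therefore which principals end up on the Subject. `FlagDemo`, `PropertiesStub`, `CustomStub`, the principal names and the domain name are hypothetical stand-ins, and the sketch assumes Java 8 or later.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class FlagDemo {
    // Hypothetical stand-in: always authenticates and adds one named principal in commit().
    public abstract static class Stub implements LoginModule {
        private Subject subject;
        abstract String principalName();
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; }
        public boolean login() { return true; }
        public boolean commit() { subject.getPrincipals().add(this::principalName); return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    public static class PropertiesStub extends Stub { String principalName() { return "from-properties-module"; } }
    public static class CustomStub extends Stub { String principalName() { return "from-custom-module"; } }

    // Runs the two-module stack (properties module first) with the given flag on both
    // entries and returns the names of the principals that ended up on the Subject.
    static Set<String> principalsAfterLogin(final LoginModuleControlFlag flag) throws LoginException {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String domain) {
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry(PropertiesStub.class.getName(), flag, new HashMap<String, Object>()),
                    new AppConfigurationEntry(CustomStub.class.getName(), flag, new HashMap<String, Object>()) };
            }
        };
        Subject subject = new Subject();
        new LoginContext("demo-domain", subject, null, cfg).login();
        Set<String> names = new TreeSet<>();
        for (Principal p : subject.getPrincipals()) names.add(p.getName());
        return names;
    }

    public static void main(String[] args) throws LoginException {
        // sufficient: the first module that succeeds ends the chain, so CustomStub never runs
        System.out.println("sufficient -> " + principalsAfterLogin(LoginModuleControlFlag.SUFFICIENT));
        // required: every module runs, so the Subject carries a principal from each
        System.out.println("required   -> " + principalsAfterLogin(LoginModuleControlFlag.REQUIRED));
    }
}
```

When reading a Subject built by a stacked domain, select the principal by type, for example `subject.getPrincipals(SomePrincipal.class)`, rather than taking the first one in the set.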

                  • 6. Re: Custom Principal not returning correct user
                    Gautam Banerjee Newbie

                    When the user logs in, the ChorusLoginModule is not called. It seems some JBoss configuration is missing. Currently researching it. I have added a security domain to jboss-web.xml and also added the domain to the application realm, but it is still not working.