Error JAAS CustomLogin JBoss 7
alexis.araya Dec 4, 2014 9:49 AM
Hello,
I tried for hours and I have not been able to find the solution.
JBoss fails to authorize me by roles.
The login is correct, but it does not assign roles.
AGLoginModule.java
public class AGLoginModule implements LoginModule {
    protected Subject _subject;
    protected CallbackHandler _callbackHandler;
    protected Map _sharedState;
    // ...

    public void initialize(Subject subject, CallbackHandler cbh, Map sharedState, Map options) {
        this._subject = subject;
        this._callbackHandler = cbh;
        this._sharedState = sharedState;
        this._options = options;
        // ...
    }

    public boolean login() throws LoginException {
        // ...
    }

    public boolean commit() throws LoginException {
        // Adds the user and the role directly to the Subject's principal set
        userPrincipal = new UserPrincipal(_username);
        _subject.getPrincipals().add(userPrincipal);
        rolePrincipal = new RolePrincipal("ADMG");
        _subject.getPrincipals().add(rolePrincipal);
        return true;
    }
}
web.xml
..
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Permisos Administrador Garantias</web-resource-name>
        <url-pattern>/faces/default/Inicio.jspx</url-pattern>
        <url-pattern>/faces/seguridad/SeteosPersonales.jspx</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ADMG</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>jBossJaasPostgreRealm</realm-name>
    <form-login-config>
        <form-login-page>/seguridad/Login.jsp</form-login-page>
        <form-error-page>/seguridad/Login.jsp</form-error-page>
    </form-login-config>
</login-config>
jboss-web.xml
<?xml version="1.0" encoding="UTF-8" ?>
<jboss-web>
    <security-domain>jBossJaasPostgreRealm</security-domain>
    <context-root>/AGPROD</context-root>
</jboss-web>
standalone.xml
<subsystem xmlns="urn:jboss:domain:security:1.1">
    <security-domains>
        <security-domain name="jBossJaasPostgreRealm" cache-type="default">
            <authentication>
                <login-module code="com.sag.extensiones.login.AGLoginModule" flag="required">
                </login-module>
            </authentication>
        </security-domain>
        <security-domain name="jboss-web-policy" cache-type="default">
            <authorization>
                <policy-module code="Delegating" flag="required"/>
            </authorization>
        </security-domain>
        <security-domain name="jboss-ejb-policy" cache-type="default">
            <authorization>
                <policy-module code="Delegating" flag="required"/>
            </authorization>
        </security-domain>
    </security-domains>
</subsystem>
server.log
You can see the following: Checking roles GenericPrincipal[admin()] ??
It should be: Checking roles GenericPrincipal[admin([ADMG])] ???
10:13:52,489 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-3) defaultLogin, lc=javax.security.auth.login.LoginContext@2bfb3ddf, subject=Subject(2073760263).principals=com.sag.extensiones.login.UserPrincipal@29149431(com.sag.extensiones.login.UserPrincipal@112dd105)com.sag.extensiones.login.RolePrincipal@1458939922(com.sag.extensiones.login.RolePrincipal@19ed6258)com.sag.extensiones.login.RolePrincipal@1458939922(com.sag.extensiones.login.RolePrincipal@2fd38cb4)com.sag.extensiones.login.RolePrincipal@1458939922(com.sag.extensiones.login.RolePrincipal@69ba95f3)com.sag.extensiones.login.RolePrincipal@1458939922(com.sag.extensiones.login.RolePrincipal@58cababf)
10:13:52,492 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-3) updateCache, inputSubject=Subject(2073760263).principals=com.sag.extensiones.login.UserPrincipal@29149431(com.sag.extensiones.login.UserPrincipal@112dd105)com.sag.extensiones.login.RolePrincipal@1458939922(com.sag.extensiones.login.RolePrincipal@19ed6258)com.sag.extensiones.login.RolePrincipal@1458939922(com.sag.extensiones.login.RolePrincipal@2fd38cb4)com.sag.extensiones.login.RolePrincipal@1458939922(com.sag.extensiones.login.RolePrincipal@69ba95f3)com.sag.extensiones.login.RolePrincipal@1458939922(com.sag.extensiones.login.RolePrincipal@58cababf), cacheSubject=Subject(1705672
10:13:52,497 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-3) Inserted cache info: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@1c8106fa
10:13:52,497 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-3) End isValid, true
10:13:52,499 TRACE [org.jboss.as.web.security] (http--127.0.0.1-8080-3) User: admin is authenticated
10:13:52,499 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http--127.0.0.1-8080-3) Authentication of 'admin' was successful
10:13:52,500 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http--127.0.0.1-8080-3) Redirecting to original '/SAGPROD/faces/default/Inicio.jspx'
10:13:52,530 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--127.0.0.1-8080-3) Calling hasUserDataPermission()
10:13:52,531 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-3) User data constraint has no restrictions
10:13:52,532 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--127.0.0.1-8080-3) Calling authenticate()
10:13:52,532 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http--127.0.0.1-8080-3) Restore request from session '4iBeShC-W4wurYGHkXmKfWTC.undefined'
10:13:52,533 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--127.0.0.1-8080-3) Authenticated 'admin' with type 'FORM'
10:13:52,534 DEBUG [org.apache.tomcat.util.http.Parameters] (http--127.0.0.1-8080-3) Set query string encoding to null
10:13:52,535 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http--127.0.0.1-8080-3) Proceed to restored request
10:13:52,536 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--127.0.0.1-8080-3) Calling accessControl()
10:13:52,538 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-3) Checking roles GenericPrincipal[admin()]
10:13:52,551 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-3) El usuario admin NO desempeña el papel de ADMG
10:13:52,551 TRACE [org.jboss.as.web.security] (http--127.0.0.1-8080-3) hasRole:RealmBase says:false::Authz framework says:true:final=false
10:13:52,552 DEBUG [org.apache.catalina.realm.RealmBase] (http--127.0.0.1-8080-3) No role found: ADMG
Thanks for the help