7 Replies Latest reply on Feb 7, 2003 11:25 AM by Alan

    Inconsistency between JAAS in Web and EJB tiers

    Alan Newbie

      I have successfully set up JAAS with my LDAP server and have enforced authorization on EJBs. I went to set up form-based security with the same security provider and ran into a strange issue: after logging in through the form, my users authenticate correctly, but somehow the isUserInRole() is returning false even though I'm requiring the same role as I did for EJBs, and it's using the same exact security provider. Has anyone else run into this or have any ideas on how to debug this issue? It would be helpful if I could make debug print out all the roles that a user IS in...

      Thanks,
      Alan

      14:19:33,382 DEBUG [JBossUserRealm#java:jaas/SunOneDirectory] authenticating: Name:alanw Password:****
      14:19:33,414 DEBUG [JBossUserRealm#java:jaas/SunOneDirectory] authenticated: alanw
      14:19:33,414 DEBUG [JBossUserRealm#java:jaas/SunOneDirectory] setting JAAS subjectAttributeName(j_subject) : Subject:
      Principal: alanw
      Principal: Roles

      14:19:33,445 DEBUG [JBossUserRealm#java:jaas/SunOneDirectory] authenticating: Name:alanw Password:****
      14:19:33,445 DEBUG [JBossUserRealm#java:jaas/SunOneDirectory] authenticated: alanw
      14:19:33,445 DEBUG [JBossUserRealm#java:jaas/SunOneDirectory] JBossUserPrincipal: alanw is NOT in Role: Developer
      14:19:33,460 WARN [jbossweb] WARNING: AUTH FAILURE: role for alanw