7 Replies Latest reply on Mar 7, 2004 10:03 AM by Scott Stark

    getUserPrincipal() not returning the expected value

    renato0307 Newbie

      I tried to implement a custom login module as described in the JBoss documentation.
      The problem is that in the Servlets or JSPs when I call the getUserPrincipal() method
      the principal I get not the one I defined in the getRoleSets() method of the MyModule
      class (line "groups[1].addMember(new SimplePrincipal("john"));").

      Any idea of what could be wrong?

      Thank you in advance,

      Renato Torres

      PS: The code I'm using is:

      -------- LoginModule ----------------

      public class MyLoginModule extends UsernamePasswordLoginModule {


      protected Group[] getRoleSets() throws LoginException {

      try {

      String[] roles = getRoles();
      Group[] groups = { new SimpleGroup("Roles"),
      new SimpleGroup("CallerPrincipal") };

      for (int r = 0; r < roles.length; r++) {
      SimplePrincipal role = new SimplePrincipal(roles[r]);

      groups[1].addMember(new SimplePrincipal("john"));
      return groups;

      } catch (Exception e) {
      throw new LoginException(e.toString());

      -------- JSP -------------------------



      ------- JSP Result -------------------

      org.jboss.security.SimplePrincipal rat

      Comment: "rat" is the name I used to login.
      Shouldn't I be getting "org.jboss.security.SimplePrincipal john"?

        • 1. Re: getUserPrincipal() not returning the expected value
          baric Newbie

          Well, I'm having pretty much the same problem, where the Principal put into the CallerPrincipal Group is not the one returned in the JSP when you call request.getUserPrincipal(). Looks like I'm going code diving...

          • 2. Re: getUserPrincipal() not returning the expected value
            anis Newbie


            I have posted the same problem some week ago, and none could help me.
            Because JSP´s are handled by the embedded Tomcat, I have tried to find an answer at the tomcat-mailinglists. This is the only answer I got:

            "you need a custom Realm
            implementation, probably a simple extension of one of the existing Realms
            (see the Realm how-to and server.xml for discussion and examples). This
            realm will create your custom principal object.
            The problem is that the embedded Tomcat doesn´t have a server.xml.
            So I am afraid we need an answer from the JBOss-Specialisits.

            Hope a.s.a.p

            • 3. Re: getUserPrincipal() not returning the expected value
              anis Newbie

              I don´t think it´s a Tomcat Problem, because the given Principal is a SimplePrincipal, which is a jboss Class. So JBoss didn´t do the right work.did it?

              • 4. Re: getUserPrincipal() not returning the expected value
                baric Newbie


                "anbenham" wrote:
                I don't think it's a Tomcat Problem, because the given Principal is a SimplePrincipal, which is a jboss Class.

                Exactly. Somewhere Tomcat and JBoss are talking to each other and JBoss seems to be providing the operational environment identity as opposed to the create application identity, as it does in EJB's. So the question is why this difference and how to fix it?

                • 5. Re: getUserPrincipal() not returning the expected value
                  DRAI William Newbie

                  The problem is in the jboss tomcat integration :

                  You will ALWAYS get a SimplePrincipal in getUserPrincipal().
                  Here is a part of the authentication code in JBossSecurityMgrRealm :

                  public Principal authenticate(String username, String credentials)
                  // Get the JBoss security manager from the ENC context
                  AuthenticationManager securityMgr = (AuthenticationManager) securityCtx.lookup("securityMgr");
                  principal = new SimplePrincipal(username);
                  char[] passwordChars = null;
                  if( credentials != null )
                  passwordChars = credentials.toCharArray();
                  if( securityMgr.isValid(principal, passwordChars) )
                  category.log(XLevel.TRACE, "User: "+username+" is authenticated");
                  principal = null;
                  category.log(XLevel.TRACE, "User: "+username+" is NOT authenticated");
                  return principal;

                  I think the LoginModule is called by securityMgr.isValid but the resulting LoginContext is never used.

                  • 6. Re: getUserPrincipal() not returning the expected value
                    Ben Alex Newbie

                    Hi everyone. I came across the same issue whilst writing a security adapter for JBoss (www.acegi.com.au/security). You'll find the following will work:

                    import java.security.Principal;
                    import java.util.Iterator;
                    import javax.naming.InitialContext;
                    import javax.naming.NamingException;
                    import javax.security.auth.Subject;
                    import javax.servlet.http.HttpServletRequest;
                    import au.com.acegi.springsecurity.Authentication;
                    import au.com.acegi.springsecurity.adapters.AbstractMvcIntegrationInterceptor;
                     * Populates a {@link SecureContext} from JBoss'
                     * <code>java:comp/env/security/subject</code>.
                     * <p>See {@link AbstractMvcIntegrationInterceptor} for further information.
                     * @author Ben Alex
                     * @version $Id: JbossMvcIntegrationInterceptor.java,v 1.2 2004/03/02 23:27:08 balex Exp $
                    public class JbossMvcIntegrationInterceptor extends AbstractMvcIntegrationInterceptor {
                     public Object extractFromContainer(HttpServletRequest request) {
                     Subject subject = null;
                     try {
                     InitialContext ic = new InitialContext();
                     subject = (Subject) ic.lookup("java:comp/env/security/subject");
                     } catch (NamingException ne) {
                     if (super.logger.isDebugEnabled())
                     super.logger.warn("Lookup on Subject failed " + ne.getLocalizedMessage());
                     if (subject != null && subject.getPrincipals() != null) {
                     Iterator principals = subject.getPrincipals().iterator();
                     while (principals.hasNext()) {
                     Principal p = (Principal) principals.next();
                     if (super.logger.isDebugEnabled())
                     super.logger.debug("Found Principal in container (" + p.getClass().getName() + ") : " + p.getName());
                     if (p instanceof Authentication)
                     return p;
                     return null;

                    • 7. Re: getUserPrincipal() not returning the expected value
                      Scott Stark Master

                      A custom principal is used in the tomcat layer as of 3.2.4RC1 is the login module provides a group named CallerPrincpal that contains the custom principal.