2 Replies Latest reply on Jun 21, 2004 12:05 PM by voxa2001

    JBoss 4DR4 issue with jaas

    voxa2001

      Hi. I am trying to port an application from JBoss 3.2.1 to 4.0.0 DR4. It works so far; only the JAAS module fails with a crazy failure.

      When I log in, the principal and role are permuted.

      That means that in JBoss 4, after the authentication, the userPrincipal parameter in the request object is the role name, not the principal name.

      Where can I find more information about the JAAS module in JBoss 4.0.0? What has changed?

      Here is my login-config part, which is working in JBoss 3.2.1:

      <application-policy name = "xavoportal">
        <authentication>
          <login-module code = "de.xavo.jboss.security.auth.spi.XavoDatabaseServerLoginModule" flag = "required">
            <module-option name = "dsJndiName">java:XavoportalDataSource</module-option>
            <module-option name = "principalsQuery">select PASSWORD from LOGIN where upper(LOGIN_NAME)=upper(?)</module-option>
            <module-option name = "rolesQuery">select a.Role, a.ROLEGROUP from(select USER_GROUP.GROUP_ROLE Role, 'Roles' RoleGroup, LOGIN_NAME from USER_GROUP, LOGIN,LOGIN_USER_GROUP where LOGIN.login_id = LOGIN_USER_GROUP.login_id and user_group.user_group_id = LOGIN_USER_GROUP.user_group_id union select USER_GROUP.GROUP_ROLE Role, 'CallerPrincipal' RoleGroup , LOGIN_NAME from USER_GROUP, LOGIN,LOGIN_USER_GROUP where LOGIN.login_id = LOGIN_USER_GROUP.login_id and user_group.user_group_id = LOGIN_USER_GROUP.user_group_id ) a where upper(LOGIN_NAME)=upper(?)</module-option>
          </login-module>
        </authentication>
      </application-policy>
      


      Any ideas?

        • 1. Re: JBoss 4DR4 issue with jaas
          starksm64

          Any change like this would be a bug. You're saying the authenticated Principal.getName() is a role rather than a valid user name? Via what interface are you obtaining the Principal?

          • 2. Re: JBoss 4DR4 issue with jaas
            voxa2001

             

            "scott.stark@jboss.org" wrote:
            Any change like this would be a bug. You're saying the authenticated Principal.getName() is a role rather than a valid user name?


            Yes. This is the way I use it.

            Via what interface are you obtaining the Principal?


            With an extended DatabaseServerLoginModule, which is only extended for the decrypting of passwords... Everything else is standard. Perhaps you can check this? The password check seems correct, because the role is correct for the user.