4 Replies Latest reply on Sep 23, 2004 3:55 AM by Michal Kalanski

    request.isUserInRole not working in JBOSS 4.0.0

    Michal Kalanski Newbie

      Hello !

      I have very simple application:

      <application>
       <display-name>test_app</display-name>
       <module>
        <web>
         <web-uri>test_web.war</web-uri>
         <context-root>/test_web</context-root>
        </web>
       </module>
       <module>
        <ejb>test_ejb.jar</ejb>
       </module>
      </application>


      In my web module I have only 1 servlet. My web.xml:

      <web-app>
       <servlet>
        <servlet-name>TestServlet</servlet-name>
        <display-name>Test servlet</display-name>
        <description>Test </description>
        <servlet-class>test.TestServlet</servlet-class>
       </servlet>
       <servlet-mapping>
        <servlet-name>TestServlet</servlet-name>
        <url-pattern>/test</url-pattern>
       </servlet-mapping>
       <security-constraint>
        <web-resource-collection>
         <web-resource-name>secured</web-resource-name>
         <url-pattern>/test</url-pattern>
         <http-method>HEAD</http-method>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
         <http-method>PUT</http-method>
         <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
         <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
       </security-constraint>

       <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
         <form-login-page>/login.jsp</form-login-page>
         <form-error-page>/loginerror.jsp</form-error-page>
        </form-login-config>
       </login-config>

       <security-role>
        <role-name>*</role-name>
       </security-role>
      </web-app>

      My jboss-web.xml:

      <jboss-web>
       <security-domain>java:/jaas/postgresql-based</security-domain>
      </jboss-web>

      My login-config.xml:

      <application-policy name = "postgresql-based">
       <authentication>
        <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
         <module-option name = "dsJndiName">java:/TalgosDS</module-option>
         <module-option name = "principalsQuery">SELECT pass FROM user WHERE is_system='f' and login=?</module-option>
         <module-option name = "rolesQuery">select role_code ,'Roles' from roles where login=?</module-option>
         <module-option name = "hashAlgorithm">MD5</module-option>
         <module-option name = "hashEncoding">base64</module-option>
        </login-module>
       </authentication>
      </application-policy>

      In doGet in my TestServlet I have:
      out.println("request.isUserInRole(\"AD1\") = "+request.isUserInRole("AD1")+"");
      out.println("request.getUserPrincipal() = "+request.getUserPrincipal()+"");

      When I run this servlet on JBOSS 3.2.5, isUserInRole("AD1") returns true.
      When I run it on JBOSS 4.0.0, isUserInRole("AD1") returns false.

      Is there a bug in 4.0.0?

      What should I do with the JBoss configuration to run this application?


        • 1. Re: request.isUserInRole not working in JBOSS 4.0.0
          Scott Stark Master

          Get the patch described in the following announcement:

          4.0.0 HttpServletRequest.isUserInRole Security Patch

          • 2. Re: request.isUserInRole not working in JBOSS 4.0.0
            Michal Kalanski Newbie

            Thanks for your response.

            But now I have exception:

            08:15:42,984 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing
            java.lang.ClassCastException
             at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:112)
             at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
             at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:57)
             at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
             at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
             at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
             at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:169)
             at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
             at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
             at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
             at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
             at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
             at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
             at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
             at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
             at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
             at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
             at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
             at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
             at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
             at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
             at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
             at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
             at java.lang.Thread.run(Thread.java:534)


            • 3. Re: request.isUserInRole not working in JBOSS 4.0.0
              Scott Stark Master

              Ok, I have replaced the jar with another one that works for me. Make sure what you download matches the info shown here.

              [starksm@banshee9100 tmp]$ md5sum tomcat50-service.jar
              e8912d710767efbe1c0bbc4f61222528 *tomcat50-service.jar
              [starksm@banshee9100 tmp]$ extcheck -verbose tomcat50-service.jar
              Target file:tomcat50-service.jar
              Specification title:JBoss
              Specification version:4.0.0
              Specification vendor:JBoss (http://www.jboss.org/)
              Implementation version:4.0.0p1 (build: CVSTag=JBoss_4_0_0_p1 date=200409230334)
              Implementation vendor:JBoss.org
              
              Comparing with file:/C:/usr/java/j2sdk1.4.2_05/jre/lib/ext/dnsns.jar
              Comparing with file:/C:/usr/java/j2sdk1.4.2_05/jre/lib/ext/ldapsec.jar
              Comparing with file:/C:/usr/java/j2sdk1.4.2_05/jre/lib/ext/localedata.jar
              Comparing with file:/C:/usr/java/j2sdk1.4.2_05/jre/lib/ext/sunjce_provider.jar
              No conflicting installed jar found.
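
The check asked for in reply 3, as an added example that is not part of the thread or of JBoss's tooling: it compares a jar's MD5 with the posted digest and reads the manifest's main attributes, joining wrapped lines, since the posted Implementation version is longer than the manifest's 72-byte line limit. The function names and the in-memory sample jar are constructed for illustration, and the mapping of the extcheck fields to the standard `Specification-Version` and `Implementation-Version` attributes is assumed. A matching MD5 shows the download is the same file that was posted; it does not protect against deliberate tampering.

```python
import hashlib
import io
import zipfile
# Values posted in reply 3 (md5sum and extcheck output).
EXPECTED_MD5 = "e8912d710767efbe1c0bbc4f61222528"
EXPECTED_ATTRS = {
    "Specification-Version": "4.0.0",
    "Implementation-Version":
        "4.0.0p1 (build: CVSTag=JBoss_4_0_0_p1 date=200409230334)",
}

def main_attributes(manifest_text):
    """Parse the main section of a JAR manifest, joining wrapped lines."""
    attrs, last = {}, None
    for line in manifest_text.splitlines():
        if not line:                          # blank line ends the main section
            break
        if line.startswith(" ") and last:     # continuation of the previous value
            attrs[last] += line[1:]
        elif ":" in line:
            last, value = line.split(":", 1)
            attrs[last] = value.lstrip(" ")
    return attrs

def verify_jar(data, expected_md5=EXPECTED_MD5, expected_attrs=EXPECTED_ATTRS):
    """Return a list of mismatches; an empty list means the jar matches."""
    digest = hashlib.md5(data).hexdigest()
    problems = [] if digest == expected_md5.lower() else [f"md5 is {digest}"]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as jar:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
    except (zipfile.BadZipFile, KeyError) as exc:
        return problems + [f"manifest unreadable: {exc}"]
    attrs = main_attributes(text)
    for name, want in expected_attrs.items():
        if attrs.get(name) != want:
            problems.append(f"{name} is {attrs.get(name)!r}")
    return problems

def build_sample_jar(impl_version):
    """Constructed stand-in jar (not the real patch), built in memory."""
    line = "Implementation-Version: " + impl_version
    manifest = ("Manifest-Version: 1.0\r\nSpecification-Version: 4.0.0\r\n"
                + line[:70] + ("\r\n " + line[70:] if len(line) > 70 else "")
                + "\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
    return buf.getvalue()
```

To check a real download, pass the file's bytes, for example `verify_jar(open("tomcat50-service.jar", "rb").read())`; an empty list means both the digest and the manifest attributes match the posted values.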