As far as I can tell, I've met the requirements per the documentation for using this module. I can authenticate without issue, but when I call request.getUserPrincipal I am returned one of the roles associated with the user instead of the user name. I'm likely missing something very subtle here - a look over would be appreciated:
JBoss 3.2.6
Login using david/david.
A call to request.getUserPrincipal().getName() returns "caller_java".
From my login-config.xml:
<module-option name="principalsQuery">
select password from principal where name =?
</module-option>
<module-option name="rolesQuery">
select r.role, r.rolegroup from role r, principal p where p.name =? and r.principal_id = p.id
</module-option>
Using MaxDB:
//
create table principal (
id serial primary key,
name varchar(64) not null,
description varchar(100) default null,
password varchar(64) not null,
create_date timestamp not null default timestamp,
modify_date timestamp not null default timestamp constraint create_date <= modify_date,
unique (name)
)
//
create table role (
id serial primary key,
principal_id fixed(10) not null,
role varchar(64) not null,
rolegroup varchar(64) not null,
create_date timestamp not null default timestamp,
modify_date timestamp not null default timestamp constraint create_date <= modify_date,
unique (principal_id, role, rolegroup),
foreign key role_principal (principal_id) references principal (id)
)
//
INSERT INTO principal (id, name, password) values (1, 'david', 'david')
//
INSERT INTO role (principal_id, role, rolegroup) values (1, 'Echo', 'Roles')
//
INSERT INTO role (principal_id, role, rolegroup) VALUES (1, 'caller_java', 'CallerPrincipal')
You are returned the CallerPrincipal mapping that you installed. If you want to see the raw principal name, remove the CallerPrincipal group mapping.
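
Added example, not part of the original thread and not JBoss code: a simplified Python model of the behaviour the answer describes, running the two queries from the login-config.xml above against the thread's rows to show how a `CallerPrincipal` row in the role table changes the identity the application sees. It assumes an in-memory SQLite database as a stand-in for MaxDB with the schema trimmed to the columns the queries use; the function names `build_db`, `login` and `audit_caller_mappings` are hypothetical.

```python
import sqlite3

# The two queries exactly as configured in login-config.xml in the question.
PRINCIPALS_QUERY = "select password from principal where name =?"
ROLES_QUERY = ("select r.role, r.rolegroup from role r, principal p "
               "where p.name =? and r.principal_id = p.id")

def build_db(with_caller_mapping=True):
    """In-memory SQLite stand-in for the MaxDB schema (assumption: trimmed columns)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table principal (id integer primary key, name text unique not null,
                                password text not null);
        create table role (id integer primary key,
                           principal_id integer not null references principal (id),
                           role text not null, rolegroup text not null,
                           unique (principal_id, role, rolegroup));
        insert into principal (id, name, password) values (1, 'david', 'david');
        insert into role (principal_id, role, rolegroup) values (1, 'Echo', 'Roles');
    """)
    if with_caller_mapping:
        db.execute("insert into role (principal_id, role, rolegroup) "
                   "values (1, 'caller_java', 'CallerPrincipal')")
    return db

def login(db, username, password):
    """Simplified model: check the password, then group rolesQuery rows by rolegroup."""
    row = db.execute(PRINCIPALS_QUERY, (username,)).fetchone()
    if row is None or row[0] != password:
        raise PermissionError("login failed")
    groups = {}
    for role, rolegroup in db.execute(ROLES_QUERY, (username,)):
        groups.setdefault(rolegroup, []).append(role)
    # A 'CallerPrincipal' group member replaces the login name as the caller identity.
    caller = groups.get("CallerPrincipal", [username])[0]
    return {"caller_principal": caller, "roles": sorted(groups.get("Roles", []))}

def audit_caller_mappings(db):
    """List every login name whose application-visible identity is remapped."""
    return db.execute("select p.name, r.role from principal p join role r "
                      "on r.principal_id = p.id where r.rolegroup = 'CallerPrincipal' "
                      "order by p.name").fetchall()

if __name__ == "__main__":
    print(login(build_db(), "david", "david"))       # mapping installed
    print(login(build_db(False), "david", "david"))  # mapping removed
```

The audit query is worth running against any real role table: each row it returns is an account whose name in application logs will differ from the name used at login.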