
    Principal = null

    milkygto Newbie

      Can anyone point out what is the problem here? I followed the jaashowto, but I still can't get the principal to work.

      After I do the loginContext.login(), my user and role are set. If I do a forward(), I can get to the restricted resources.
      But if I do a response.sendRedirect(), I lose the principal entirely. So I tested it by reading it back from request.getUserPrincipal(),
      and it didn't surprise me that it returned null. I tested this on JBoss 4.0.1 RC1 and RC2, and it doesn't work on either of them.

      Thanks,

      -------------------------------------------------------------------------------
      LoginServlet
      -------------------------------------------------------------------------------

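      // Both values are read straight from the HTTP request and are untrusted input.
      String username = request.getParameter("username");
      String password = request.getParameter("password");

      try {
          if (username != null && password != null) {

              // Programmatic JAAS login against the "equilar-login" policy. The handler
              // supplies the submitted name and password to the login modules.
              SecurityAssociationHandler handler = new SecurityAssociationHandler();
              SimplePrincipal user = new SimplePrincipal(username);
              handler.setSecurityInfo(user, password.toCharArray());
              LoginContext loginContext = new LoginContext("equilar-login",
                      (CallbackHandler) handler);
              loginContext.login();

              // NOTE(review): login modules normally populate the Subject themselves when
              // the login commits; adding the principal by hand is presumably redundant.
              Subject subject = loginContext.getSubject();
              Set principals = subject.getPrincipals();
              principals.add(user);

              // Diagnostic only. request.getUserPrincipal() reports the identity established
              // by the web container's own authentication (the login-config and
              // security-constraint entries in web.xml). A LoginContext created inside a
              // servlet does not attach its Subject to the request or to the HTTP session,
              // so null is the expected result here and on the request that follows the
              // redirect below.
              // NOTE(review): access that appears to work after forward() most likely relies
              // on the caller identity ClientLoginModule recorded for the current call, which
              // does not carry over to a new request - confirm. If the pages are protected by
              // web.xml constraints, let the container authenticate (e.g. FORM auth via
              // j_security_check, with the security domain mapped in jboss-web.xml).
              Principal p = request.getUserPrincipal();
              if (p != null)
                  log.info("Principal = " + p.getName());
              else
                  log.info("Principal is null");

              try {
                  response.sendRedirect("/index.jsp");
                  return;
              } catch (IOException e) {
                  log.error("sendRedirect failed", e);
              }
          } else {
              // Missing credentials: send the user back to the login form.
              try {
                  response.sendRedirect("/login.jsp");
                  return;
              } catch (IOException e) {
                  log.error("Failed redirecting", e);
              }
          }
      } catch (LoginException e) {
          // username is request-controlled: neutralise CR/LF before logging so a crafted
          // value cannot forge additional log entries.
          String safeUsername = String.valueOf(username).replaceAll("[\\r\\n]", "_");
          log.info("Login failed for " + safeUsername + ". Reason: " + e.getMessage());
          try {
              response.sendRedirect("/login.jsp?login=failed");
              return;
          } catch (IOException ee) {
              log.error("Failed redirecting", ee);
          }
      }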

      -------------------------------------------------------------------------------
      Auth.conf in jboss/server/default/conf
      -------------------------------------------------------------------------------
      // JAAS login configuration placed in jboss/server/default/conf.
      // NOTE(review): JBoss 4.x servers normally take their security domains from
      // login-config.xml - confirm this file is actually loaded on the server side.
      // ClientLoginModule performs no credential check; it only records the supplied
      // principal and credential as the caller identity.
      client-login
      {
      org.jboss.security.ClientLoginModule required;
      };

      // Policy named by the servlet's LoginContext("equilar-login").
      equilar-login
      {
      // Adds no authentication of its own; the password check is done by the
      // UsersRolesLoginModule entry that follows.
      org.jboss.security.ClientLoginModule required
      ;

      // Validates the name/password against users.properties and maps roles from
      // roles.properties.
      // NOTE(review): passwords in users.properties are stored as written unless a
      // hash option is configured - confirm this setup is for testing only.
      // unauthenticatedIdentity=nobody gives callers that present no credentials the
      // identity "nobody"; make sure that name is granted no roles in roles.properties.
      org.jboss.security.auth.spi.UsersRolesLoginModule required
      usersProperties="users.properties"
      rolesProperties="roles.properties"
      unauthenticatedIdentity=nobody
      ;

      };

      -------------------------------------------------------------------------------
      Auth.conf in jboss/client
      -------------------------------------------------------------------------------

      // Client-side JAAS configuration (jboss/client).
      // ClientLoginModule performs no credential check; it only records the supplied
      // principal and credential so they accompany later calls to the server.
      client-login
      {
      org.jboss.security.ClientLoginModule required;
      };

      // Same policy name as the server-side entry.
      equilar-login
      {
      org.jboss.security.ClientLoginModule required
      ;

      // No usersProperties/rolesProperties options are given here, so the module
      // presumably falls back to its default file names - verify.
      // NOTE(review): a client-side policy normally needs only ClientLoginModule;
      // validating credentials here would require the users/roles files to be
      // readable on the client - confirm this is intended.
      org.jboss.security.auth.spi.UsersRolesLoginModule required
      unauthenticatedIdentity=nobody
      ;
      };

      -------------------------------------------------------------------------------
      login-config.xml
      -------------------------------------------------------------------------------

      <!-- Security domain "equilar-login", the same name the servlet passes to LoginContext. -->
      <!-- NOTE(review): the stock login-config.xml wraps login-module elements in an
           authentication element; confirm this fragment is abbreviated rather than the
           actual file content. -->
      <application-policy name="equilar-login">

      <!-- ClientLoginModule performs no credential check; it only records the supplied
           principal and credential as the caller identity. -->
      <login-module code = "org.jboss.security.ClientLoginModule"
      flag = "required">
      </login-module>

      <!-- Performs the actual name/password check against users.properties and maps roles
           from roles.properties.
           NOTE(review): passwords in users.properties are stored as written unless a hash
           option is configured; confirm this setup is for testing only.
           unauthenticatedIdentity gives callers that present no credentials the identity
           "nobody"; make sure that name is granted no roles in roles.properties. -->
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required">
      <module-option name="usersProperties">users.properties</module-option>
      <module-option name="rolesProperties">roles.properties</module-option>
      <module-option name="unauthenticatedIdentity">nobody</module-option>
      </login-module>

      </application-policy>