2 Replies Latest reply on May 13, 2005 12:07 PM by Fernando Gonçalves

    Propagating Permissions, please help

    Vinicius Carvalho Newbie

      Helo there. It's been almost a week that I've been reading tutorials, google, and jboss code...
      I don't want to use j_security_check. So after my LoginModule log-me-in I'm unable to propagate the permission...

      LoginContext lc = new LoginContext("myLogin",(CallbackHandler)myHandler);
      lc.login(); //Ok
      lc.getSubject(); //Super OK

      now, how do I propagate this to the conteiner? When I go back to the caller Servlet it is forward to the login page, as it wasn't authenticated.

      Please, someone help me out!

        • 1. Re: Propagating Permissions, please help
          Scott Stark Master

          The container has to be in control of authentication to allow propagation to other secured web resources. You would have to create a custom tomcat valve or authenticator to change the behavior at the container level. You probably just want to implement custom security in a standard filter though.

          • 2. Re: Propagating Permissions, please help
            Fernando Gonçalves Newbie

            I' ve the same problem. I've implemented a custom login module extending the org.jboss.security.auth.spi.UsernamePasswordLoginModule. I've implemented the methods getUsersPassword and getRoleSets. The authentication process runs well, but the authorization does not. After logon using JAAS I make calls to EJB methods that require security roles, and I get one principal=null on my EBJ SessionContext. I think that this is a propagation problem. In the method getRoleSets I?ve created one SimpleGroup named ?Roles? and added to it two SimplePrincipals.

            Group[] groups = {new SimpleGroup("Roles")};
            SimplePrincipal role = new SimplePrincipal("R1");
            groups[0].addMember(role);
            role = new SimplePrincipal("R2");
            groups[0].addMember(role);

            What am I missing?