0 Replies Latest reply on May 17, 2005 6:03 PM by Fernando Gonçalves

    Security Roles not validated

    Fernando Gonçalves Newbie

      I've implemented a custom login module extending the org.jboss.security.auth.spi.UsernamePasswordLoginModule. I've implemented the methods getUsersPassword and getRoleSets. The authentication process runs well, but the authorization does not. After logon using JAAS I make calls to EJB methods that require security roles, and I get one principal=null on my EJB SessionContext. I think that this is a propagation problem. In the method getRoleSets I have created one SimpleGroup named Roles and added to it two SimplePrincipals.

      Group[] groups = {new SimpleGroup("Roles")};
      SimplePrincipal role = new SimplePrincipal("R1");
      groups[0].addMember(role);
      role = new SimplePrincipal("R2");
      groups[0].addMember(role);

      In my ejb-jar.xml I have created the security-role AuthorizedUser, and gave it permission to one method of one EJB.


      < method >
      < /method >

      I was hoping that I would be forbidden to invoke this method, but it executes fine, and it is in this EJB that I get principal=null in the sessionContext, after the authentication process, and after the method getRoleSets invocation by JAAS.

      I'm currently using JBoss 3.2.5.

      Can anyone help me?
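
A check a deployer could run on a setup like the one described above, as an added example that is not part of the original post: it compares the role names a login module puts in its "Roles" group with the role names that `method-permission` entries in ejb-jar.xml require. The descriptor is constructed (the post's own XML did not survive), and the bean name `ExampleBean`, the method name `doWork` and the function `audit_roles` are hypothetical; only `AuthorizedUser`, `R1` and `R2` come from the post.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor (EJB 2.0 DTD layout, no namespace); the bean and
# method names are hypothetical, the role name is the one from the post.
EJB_JAR_XML = """
<ejb-jar>
  <assembly-descriptor>
    <security-role><role-name>AuthorizedUser</role-name></security-role>
    <method-permission>
      <role-name>AuthorizedUser</role-name>
      <method>
        <ejb-name>ExampleBean</ejb-name>
        <method-name>doWork</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
"""

def audit_roles(ejb_jar_xml, issued_roles):
    """Compare roles required by method-permission entries with the roles
    the login module places in its "Roles" group."""
    root = ET.fromstring(ejb_jar_xml)
    asm = root.find("assembly-descriptor")
    if asm is None:
        return {"undeclared": [], "unsatisfiable": []}
    declared = {r.findtext("role-name", "").strip()
                for r in asm.findall("security-role")}
    issued = set(issued_roles)
    undeclared, unsatisfiable = set(), []
    for perm in asm.findall("method-permission"):
        required = {r.text.strip() for r in perm.findall("role-name") if r.text}
        undeclared |= required - declared  # used but never declared
        if perm.find("unchecked") is not None or required & issued:
            continue  # open to all callers, or some issued role matches
        for m in perm.findall("method"):
            unsatisfiable.append((m.findtext("ejb-name", "").strip(),
                                  m.findtext("method-name", "").strip(),
                                  sorted(required)))
    return {"undeclared": sorted(undeclared), "unsatisfiable": unsatisfiable}

if __name__ == "__main__":
    # R1 and R2 are the role principals created in getRoleSets in the post.
    print(audit_roles(EJB_JAR_XML, ["R1", "R2"]))
```

An entry under `unsatisfiable` is a method whose required roles never appear among the issued ones, so a container that enforces the descriptor would reject every caller holding only those roles.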