Can't load user roles
michel.bertrand Jul 18, 2005 4:33 PM
Hi!
I'm using JBoss + Customized JAAS Module. I tried twice, once extending LoginModule directly and then AbstractServerLoginModule. In both cases I have my modules running. They initialize, login and commit.
But when I access a protected URI, my application always fails with an unauthorized error, although I have loaded all user roles needed.
My login should allow access to any user of role "Teste". Check the code below; it's part of my LoginModule class, which extends AbstractServerLoginModule:

    /**
     * @see javax.security.auth.spi.LoginModule#login()
     */
    public boolean login() throws LoginException {
        System.out.println("Login do Modulo TestLoginModule.");
        char[] password = null;
        Callback[] callbacks = new Callback[2];
        callbacks[0] = new NameCallback("Usuário: ");
        callbacks[1] = new PasswordCallback("Senha: ", false);
        try {
            callbackHandler.handle(callbacks);
            this.username = ((NameCallback)callbacks[0]).getName();
            char[] tmpPassword = ((PasswordCallback)callbacks[1]).getPassword();
            if (tmpPassword == null) {
                // treat a NULL password as an empty password
                tmpPassword = new char[0];
            }
            password = new char[tmpPassword.length];
            System.arraycopy(tmpPassword, 0, password, 0, tmpPassword.length);
            ((PasswordCallback)callbacks[1]).clearPassword();
        } catch (java.io.IOException ioe) {
            throw new LoginException(ioe.toString());
        } catch (UnsupportedCallbackException uce) {
            throw new LoginException("Erro: " + uce.getCallback().toString() + " nao foi possivel obter as informacoes do usuario.");
        }
        System.out.println("Username = "+ this.username);
        System.out.println("Password = "+ new String(password));
        try {
            this.principal = super.createIdentity(username);
        } catch (Exception e) {
            System.out.println("Erro ao criar principal para o usuario: "+ username);
            System.out.println("Mensagem : "+ e.getMessage());
            return false;
        }
        return true;
    }

    /**
     * @see javax.security.auth.spi.LoginModule#commit()
     */
    public boolean commit() throws LoginException {
        System.out.println("Commit.");
        if (this.principal == null){
            return false;
        }
        super.subject.getPrincipals().add(this.principal);
        Principal teste = new Teste("Teste");
        super.subject.getPrincipals().add(teste);
        this.roleSets = new Group[2];
        this.roleSets[0] = super.createGroup("Roles",super.subject.getPrincipals());
        this.roleSets[1] = super.createGroup("CallerPrincipal",super.subject.getPrincipals());
        return true;
    }

    /**
     * @see org.jboss.security.auth.spi.AbstractServerLoginModule#getIdentity()
     */
    protected Principal getIdentity() {
        return this.principal;
    }

    /**
     * @see org.jboss.security.auth.spi.AbstractServerLoginModule#getRoleSets()
     */
    protected Group[] getRoleSets() throws LoginException {
        return this.roleSets;
    }

I have only one security role called "Teste" in my deploy descriptor and a security constraint allowing access only for users of "Teste" role for my application. Since "Teste" role is loaded for all users, everybody should have access.
Did I miss something? What's wrong? Why HTTP status 403 - Access Denied?
Thanks in advance!
Michel.
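
An added diagnostic example, not part of the original post and not JBoss code: JBoss reads a caller's roles from the members of the group principal named "Roles" in the Subject, so this self-contained sketch compares the layout the posted commit() builds ("Teste" added to the subject directly, no member added to the group) with one where "Teste" is a member of that group. Named, NamedGroup, effectiveRoles and build are hypothetical stand-ins (NamedGroup for java.security.acl.Group), and the user name is constructed.

```java
import java.security.Principal;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.TreeSet;
import javax.security.auth.Subject;

public class RoleLayoutCheck {
    // Hypothetical stand-in for a simple named principal (user or role).
    static final class Named implements Principal {
        private final String name;
        Named(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // Hypothetical stand-in for java.security.acl.Group: a principal with members.
    static final class NamedGroup implements Principal {
        private final String name;
        final Set<Principal> members = new LinkedHashSet<>();
        NamedGroup(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // Assumed container view of roles: the members of the group called "Roles".
    static Set<String> effectiveRoles(Subject subject) {
        Set<String> roles = new TreeSet<>();
        for (NamedGroup g : subject.getPrincipals(NamedGroup.class)) {
            if ("Roles".equals(g.getName())) {
                for (Principal m : g.members) roles.add(m.getName());
            }
        }
        return roles;
    }

    // Builds a subject; roleInGroup selects where the "Teste" principal is placed.
    static Subject build(boolean roleInGroup) {
        Subject s = new Subject();
        NamedGroup roles = new NamedGroup("Roles");
        s.getPrincipals().add(new Named("michel")); // constructed user name
        s.getPrincipals().add(roles);
        if (roleInGroup) roles.members.add(new Named("Teste"));
        else s.getPrincipals().add(new Named("Teste")); // layout from the posted commit()
        return s;
    }

    public static void main(String[] args) {
        System.out.println("posted layout roles:  " + effectiveRoles(build(false)));
        System.out.println("grouped layout roles: " + effectiveRoles(build(true)));
    }
}
```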