6 Replies Latest reply on Aug 17, 2005 10:30 AM by shin tai

    Basic Auth not propagating Security

    shin tai Newbie

      Hi all,

      I'm porting an application to JBoss that uses basic authentication. I have classes that are exposed as webservices; they implement the Remote and the ServiceLifecycle interfaces. From here I need to pull the username and password from the Authorization header and do some 'manual' validation.

      I wrote a simple application to test and it works just fine. I generate a client from the wsdl, make the call with an Authorization header set and I get a response back.

      My jboss-web.xml

      <jboss-web>
        <security-domain>java:/jaas/mymail</security-domain>
      </jboss-web>


      My web.xml

      <servlet>
        <servlet-name>MailServlet</servlet-name>
        <servlet-class>org.mytest.impl.CheckMail</servlet-class>
      </servlet>

      <servlet-mapping>
        <servlet-name>MailServlet</servlet-name>
        <url-pattern>/check</url-pattern>
      </servlet-mapping>

      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>mymail</realm-name>
      </login-config>


      And my code in CheckMail.java

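      import org.jboss.security.SecurityAssociation; // at the top of CheckMail.java

      // Read the credential and principal that JBoss associated with the caller
      Object a = SecurityAssociation.getCredential();
      Object b = SecurityAssociation.getPrincipal();

      System.err.println("credential " + a);
      System.err.println("principal " + b); // SimplePrincipal obj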
      


      And that works just fine. But when I apply the changes to my application the credential and principal objects are null. I attached a debugger to SecurityAssociation to see if they were being cleared but it looked like the set methods weren't being called at all. I realise it's difficult to say what's going on without showing the actual application being ported but any help about where I should start looking would be appreciated.

      I wasn't involved in the installation of JBoss so it's possible there's a constraint set somewhere on the application preventing it from propagating the details over but not for my test application which was deployed in the same server instance.

      Many Thanks
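
The post describes pulling the username and password out of the Authorization header for manual validation. As an added example (not the poster's code and not a JBoss API), this is one way to parse a Basic header strictly in plain Java; the class name `BasicAuthHeader`, the UTF-8 decoding and the sample credentials are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/** Added example: strict parser for an HTTP Basic Authorization header value. */
public final class BasicAuthHeader {
    public final String username;
    public final char[] password; // char[] so the caller can wipe it after validation

    private BasicAuthHeader(String username, char[] password) {
        this.username = username;
        this.password = password;
    }

    /** Returns the parsed credentials, or null when the header is absent or malformed. */
    public static BasicAuthHeader parse(String headerValue) {
        if (headerValue == null) return null;
        String v = headerValue.trim();
        // The scheme name is case-insensitive and must be followed by a space.
        if (v.length() < 7 || !v.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(v.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // payload is not valid base64: reject the header
        }
        // Assumption: credentials are UTF-8 encoded.
        String pair = new String(decoded, StandardCharsets.UTF_8);
        // Split on the FIRST colon only: the user-id cannot contain ':', the password can.
        int colon = pair.indexOf(':');
        if (colon <= 0) return null; // no separator, or empty username
        return new BasicAuthHeader(pair.substring(0, colon),
                                   pair.substring(colon + 1).toCharArray());
    }

    public static void main(String[] args) {
        // Constructed sample header: scheme in lower case, password containing a colon.
        String sample = "basic " + Base64.getEncoder()
                .encodeToString("alice:s3cr:et".getBytes(StandardCharsets.UTF_8));
        BasicAuthHeader ok = parse(sample);
        // Print the password length only; the credential itself stays out of the logs.
        System.out.println(ok.username + " / password length " + ok.password.length);
        System.out.println(parse("Basic !!!not-base64!!!") == null); // malformed payload
        System.out.println(parse("Basic " + Base64.getEncoder()
                .encodeToString("nocolon".getBytes(StandardCharsets.UTF_8))) == null);
        System.out.println(parse("Bearer abc.def.ghi") == null);     // wrong scheme
    }
}
```

Returning null for every malformed case lets the caller treat "no usable credentials" as a single path and respond with 401 rather than guessing at a partial username or password.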