No access when roles defined in database
lduperval Oct 12, 2005 3:29 PM
Hi,
I'm having a problem with authorization using Struts 1.1/JBoss 3.2.5.
I have an initial class called MainComponenetMainMenuAction. In the execute() method of that class, I have this:
if (true) {
    throw new Exception("Expection reached");
}
When I try to access the action, I don't reach the exception and I don't understand why.
I am using FORM validation using a database. All my components use auth constraint "*". I have no roles (other than "*") defined in my application. So my web.xml looks like this:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>secure-web-component-names</web-resource-name>
    <url-pattern>/MainComponentMainPage.jsp</url-pattern>
    <url-pattern>/MainComponentAdminPage.jsp</url-pattern>
    <url-pattern>/MainComponentMainMenu.do</url-pattern>
    <url-pattern>/MainComponentAdminMenu.do</url-pattern>
    <http-method>HEAD</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>*</role-name>
  </auth-constraint>
</security-constraint>
When I trace the code, I see this:
2005-10-12 15:08:45,888 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
2005-10-12 15:08:45,903 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'admin' authenticated, loginOk=true
2005-10-12 15:08:45,903 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
2005-10-12 15:08:45,935 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role it
2005-10-12 15:08:45,935 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role user
2005-10-12 15:08:45,935 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role admin
2005-10-12 15:08:45,950 TRACE [org.jboss.security.plugins.JaasSecurityManager.my_security_realm] updateCache, subject=Subject: Principal: admin Principal: Roles(members:user,admin,it)
2005-10-12 15:08:45,950 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] User: admin is authenticated
2005-10-12 15:08:45,950 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Mapped from input principal: adminto: admin
2005-10-12 15:08:45,950 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] End authenticate, principal=admin
2005-10-12 15:08:45,950 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authentication of 'admin' was successful
2005-10-12 15:08:45,950 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Redirecting to original '/MainComponentMainMenu.do'
2005-10-12 15:08:45,950 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test ??/j_security_check
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /MainComponentMainMenu.do
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Standard-Struts-Administrative-Actions]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[AlturaForceContainerLogin]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure-Main-Menu]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> true
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure-web-component-names]' against GET /MainComponentMainMenu.do --> false
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Checking for reauthenticate in session StandardSession[22488C5E5187589AEC862116D4DD0F0F]
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Reauthenticating username 'admin'
2005-10-12 15:08:45,966 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Begin authenticate, username=admin
2005-10-12 15:08:45,966 TRACE [org.jboss.security.plugins.JaasSecurityManager.my_security_realm] validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1a3ae73
2005-10-12 15:08:45,966 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] User: admin is authenticated
2005-10-12 15:08:45,966 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Mapped from input principal: adminto: admin
2005-10-12 15:08:45,966 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] End authenticate, principal=admin
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Reauthentication failed, proceed normally
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Restore request from session '22488C5E5187589AEC862116D4DD0F0F'
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Authenticated 'admin' with type 'FORM'
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Proceed to restored request
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling accessControl()
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Successfully passed all security constraints
2005-10-12 15:08:45,966 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] action, runAs: null
2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.core.StandardWrapper] Returning non-STM instance
My login-config.xml says:
<application-policy name = "my_security_realm">
  <authentication>
    <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
      <module-option name = "dsJndiName">java:/DefaultDS</module-option>
      <module-option name = "principalsQuery">SELECT PASSWORD FROM user WHERE USERID=?</module-option>
      <module-option name = "rolesQuery">
        SELECT role_Name,'Roles' FROM Role WHERE USERID=?
      </module-option>
    </login-module>
    <login-module code="org.jboss.security.ClientLoginModule" flag="required" />
  </authentication>
</application-policy>
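
A trace like the one in this post is easier to read when the login result, the assigned roles, the constraint matches and the final access decision are pulled apart. The following is an added example, not code from the original post or from JBoss/Tomcat: the function names and the sample entries (user `alice`, constraints `demo-a`/`demo-b`) are made up, and it assumes only the log4j layout visible above.

```python
import re

# Start of one entry: timestamp, level, [category]. Splitting on this marker handles
# one-entry-per-line files as well as traces whose entries were run together.
ENTRY = re.compile(r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} (?:TRACE|DEBUG|INFO|WARN|ERROR) \[([^\]]+)\] ")
CHECK = re.compile(r"Checking constraint 'SecurityConstraint\[([^\]]+)\]' against (\S+) (\S+) --> (true|false)")

# Constructed sample in the same layout as the trace above (all names are made up).
SAMPLE = (
    "2005-10-12 15:08:45,903 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'alice' authenticated, loginOk=true\n"
    "2005-10-12 15:08:45,935 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role staff "
    "2005-10-12 15:08:45,935 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role audit\n"
    "2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[demo-a]' against GET /Demo.do --> false\n"
    "2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[demo-b]' against GET /Demo.do --> true\n"
    "2005-10-12 15:08:45,966 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Successfully passed all security constraints\n"
)

def entries(text):
    """Yield (category, message) for every log entry found in text."""
    parts = ENTRY.split(text)  # [prefix, category, message, category, message, ...]
    for i in range(1, len(parts), 2):
        yield parts[i], " ".join(parts[i + 1].split())

def summarize(text):
    """Separate authentication, role assignment, constraint matching and the decision."""
    out = {"user": None, "roles": [], "matched": [], "checked": 0, "passed": False}
    for category, msg in entries(text):
        if category.endswith("LoginModule"):
            m = re.match(r"User '([^']+)' authenticated, loginOk=true", msg)
            if m:
                out["user"] = m.group(1)
            m = re.match(r"Assign user to role (\S+)", msg)
            if m:
                out["roles"].append(m.group(1))
        elif category.endswith("RealmBase"):
            m = CHECK.match(msg)
            if m:
                out["checked"] += 1
                if m.group(4) == "true":  # this constraint covers the request
                    out["matched"].append((m.group(1), m.group(2), m.group(3)))
        elif msg == "Successfully passed all security constraints":
            out["passed"] = True  # the container let the request through
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
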