0 Replies Latest reply on Jan 10, 2006 3:15 AM by Efrat Bar-Nahum

    Problems with isUserInRole and commit() method

    Efrat Bar-Nahum Newbie

      Hi,

      I'm using JAAS with JBoss for my web application.
      I'm trying to implement my own login module, and I want to extend from DatabaseServerLoginModule.

      In the login-config.xml I use:

      <application-policy name="ImagineModule">
        <authentication>
          <login-module code="com.imagine.security.ImagineLoginModule"
                        flag="required">
            <module-option name="dsJndiName">java:/MySqlDS</module-option>
            <module-option name="principalsQuery">select passwd from User where username=?</module-option>
            <module-option name="rolesQuery">select userRoles,'Roles' from userrole where userName=?</module-option>
          </login-module>
        </authentication>
      </application-policy>
      

      In my web.xml:
      <security-constraint>
        <display-name>require valid user</display-name>
        <web-resource-collection>
          <web-resource-name>EM application</web-resource-name>
          <url-pattern>/*</url-pattern>
          <http-method>HEAD</http-method>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          <http-method>PUT</http-method>
          <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
          <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
      </security-constraint>

      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>EM Application</realm-name>
        <form-login-config>
          <form-login-page>/faces/html/common/login.jsp</form-login-page>
          <form-error-page>/faces/html/common/login.jsp?failed=true</form-error-page>
        </form-login-config>
      </login-config>

      <security-role>
        <role-name>*</role-name>
      </security-role>

      I have a few questions:
      1) Can I write ONLY my own login method (and use the default implementation of the commit)?
      When I try to do so I get a failure in the commit and can't log in (I get to my form-error-page).
      When I try to use my own commit I manage to get into my application, but when I do
      request.isUserInRole("Admin");
      I get false where I should get true.

      So I'm thinking maybe I'm not implementing the commit well.
      2) How does the isUserInRole work? How do I set the roles?
      In my commit implementation I use my own Principals for user and role and do the following:
      subject.getPrincipals().add(new UserPrincipal("admin"));
      subject.getPrincipals().add(new RolePrincipal("Admin"));
      return true;

      How do I use this info later and set it in the session?
      When I add the RolePrincipal to the subject, how is it connected to the role that I ask for in isUserInRole?? (after all, the RolePrincipal is my own class).
      Can someone lead me in with the commit implementation?
      I know that something is missing, but I don't know what...

      Please help...
      Thanks,
      Efrat
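
An added example, not part of the original post and not JBoss code: JBossSX reads a caller's roles from a java.security.acl.Group named "Roles" inside the Subject's principal set (the 'Roles' literal in the rolesQuery above is that group name), so a role principal added directly to the Subject is not consulted by isUserInRole. NamedPrincipal, NamedGroup, commitRoles and hasRole are hypothetical names, and hasRole is a simplified stand-in for the container's lookup.

```java
import java.security.Principal;
import java.security.acl.Group; // present through JDK 13, removed in JDK 14
import java.util.*;
import javax.security.auth.Subject;

public class RolesGroupDemo {
    // Hypothetical stand-in for the post's UserPrincipal/RolePrincipal: equality is by name only.
    static class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        public boolean equals(Object o) {
            return o instanceof Principal && name.equals(((Principal) o).getName());
        }
        public int hashCode() { return name.hashCode(); }
    }
    // Minimal Group implementation; on JBoss, org.jboss.security.SimpleGroup plays this part.
    static class NamedGroup extends NamedPrincipal implements Group {
        private final Set<Principal> members = new LinkedHashSet<>();
        NamedGroup(String name) { super(name); }
        public boolean addMember(Principal p) { return members.add(p); }
        public boolean removeMember(Principal p) { return members.remove(p); }
        public boolean isMember(Principal p) { return members.contains(p); }
        public Enumeration<? extends Principal> members() { return Collections.enumeration(members); }
    }
    // What commit() has to leave in the Subject: the identity plus one Group named "Roles".
    static void commitRoles(Subject subject, String user, String... roles) {
        Group rolesGroup = new NamedGroup("Roles"); // same name as the 'Roles' column in rolesQuery
        for (String r : roles) rolesGroup.addMember(new NamedPrincipal(r));
        subject.getPrincipals().add(new NamedPrincipal(user));
        subject.getPrincipals().add(rolesGroup);
    }
    // Simplified illustration of the lookup (not JBoss source): find "Roles", test membership.
    static boolean hasRole(Subject subject, String role) {
        for (Group g : subject.getPrincipals(Group.class))
            if ("Roles".equals(g.getName()) && g.isMember(new NamedPrincipal(role))) return true;
        return false;
    }
    public static void main(String[] args) {
        Subject flat = new Subject(); // layout from the post: role added as a bare principal
        flat.getPrincipals().add(new NamedPrincipal("admin"));
        flat.getPrincipals().add(new NamedPrincipal("Admin"));
        Subject grouped = new Subject(); // layout with the role inside the "Roles" group
        commitRoles(grouped, "admin", "Admin");
        System.out.println("flat:    " + hasRole(flat, "Admin"));
        System.out.println("grouped: " + hasRole(grouped, "Admin"));
    }
}
```

When only login() is overridden, the inherited commit() builds this group from getRoleSets() but returns false unless login() has set the protected loginOk field to true.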