Problems with isUserInRole and commit() method
efratb Jan 10, 2006 3:15 AM
Hi,
I'm using JAAS with JBoss for my web application.
I'm trying to implement my own login module, and I want to extend from DatabaseServerLoginModule.
In the login-config.xml I use:
<application-policy name="ImagineModule">
  <authentication>
    <login-module code="com.imagine.security.ImagineLoginModule" flag="required">
      <module-option name="dsJndiName">java:/MySqlDS</module-option>
      <module-option name="principalsQuery">select passwd from User where username=?</module-option>
      <module-option name="rolesQuery">select userRoles,'Roles' from userrole where userName=?</module-option>
    </login-module>
  </authentication>
</application-policy>
In my web.xml:
<security-constraint>
  <display-name>require valid user</display-name>
  <web-resource-collection>
    <web-resource-name>EM application</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>HEAD</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>*</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>EM Application</realm-name>
  <form-login-config>
    <form-login-page>/faces/html/common/login.jsp</form-login-page>
    <form-error-page>/faces/html/common/login.jsp?failed=true</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>*</role-name>
</security-role>
I have a few questions:
1) Can I write ONLY my own login method (and use the default implementation of the commit)?
When I try to do so I get a failure in the commit and can't log in (I get to my form-error-page).
When I try to use my own commit I manage to get into my application, but when I do
request.isUserInRole("Admin");
I get false where I should get true.
So I'm thinking maybe I'm not implementing the commit well.
2) How does the isUserInRole work? How do I set the roles?
In my commit implementation I use my own Principals for user and role and do the following:
subject.getPrincipals().add(new UserPrincipal("admin"));
subject.getPrincipals().add(new RolePrincipal("Admin"));
return true;
How do I use this info later and set it in the session?
When I add the RolePrincipal to the subject, how is it connected to the role that I ask for in isUserInRole?? (after all, the RolePrincipal is my own class).
Can someone lead me in with the commit implementation?
I know that something is missing, but I don't know what...
Please help...
Thanks,
Efrat
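
The Subject layout behind isUserInRole on JBoss, as an added example that is not part of the original post and not JBoss code: JBossSX reads role names from the members of a java.security.acl.Group named "Roles" (the same name the rolesQuery above returns as its second column), so a role principal added directly to the Subject is not seen as a role. Named, NamedGroup and visibleRoles are hypothetical names, visibleRoles is a simplified model of the container's lookup, and java.security.acl exists only in JDK 13 and earlier.

```java
import java.security.Principal;
import java.security.acl.Group; // JDK 13 and earlier; the API JBoss 4 builds on
import java.util.*;
import javax.security.auth.Subject;

public class RolesGroupDemo {
    // Stand-in for the post's UserPrincipal / RolePrincipal (constructed for this example).
    static class Named implements Principal {
        private final String name;
        Named(String name) { this.name = name; }
        public String getName() { return name; }
        public boolean equals(Object o) {
            return o instanceof Named && name.equals(((Named) o).name);
        }
        public int hashCode() { return name.hashCode(); }
    }

    // Minimal Group; on JBoss, org.jboss.security.SimpleGroup fills this role.
    static class NamedGroup extends Named implements Group {
        private final Set<Principal> members = new HashSet<Principal>();
        NamedGroup(String name) { super(name); }
        public boolean addMember(Principal p) { return members.add(p); }
        public boolean removeMember(Principal p) { return members.remove(p); }
        public boolean isMember(Principal p) { return members.contains(p); }
        public Enumeration<? extends Principal> members() {
            return Collections.enumeration(members);
        }
    }

    // Simplified model of the lookup: only members of the "Roles" group count as roles.
    static Set<String> visibleRoles(Subject subject) {
        Set<String> roles = new TreeSet<String>();
        for (Group g : subject.getPrincipals(Group.class)) {
            if (!"Roles".equals(g.getName())) continue;
            for (Enumeration<? extends Principal> e = g.members(); e.hasMoreElements();)
                roles.add(e.nextElement().getName());
        }
        return roles;
    }

    public static void main(String[] args) {
        // Layout produced by the commit() in the post: role as a top-level principal.
        Subject flat = new Subject();
        flat.getPrincipals().add(new Named("admin"));
        flat.getPrincipals().add(new Named("Admin"));

        // Layout the container reads: identity at top level, roles inside "Roles".
        Subject grouped = new Subject();
        grouped.getPrincipals().add(new Named("admin"));
        Group roles = new NamedGroup("Roles");
        roles.addMember(new Named("Admin"));
        grouped.getPrincipals().add(roles);

        System.out.println("flat    -> " + visibleRoles(flat));
        System.out.println("grouped -> " + visibleRoles(grouped));
    }
}
```

When a module extends DatabaseServerLoginModule, the inherited commit() builds the grouped layout from getIdentity() and getRoleSets(), but it returns false unless login() has set the inherited loginOk field to true.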