0 Replies Latest reply on Jan 10, 2006 3:15 AM by efratb

    Problems with isUserInRole and commit() method

    efratb
    efratb Jan 10, 2006 3:15 AM

      Hi,

      I'm using JAAS with JBoss for my web application.
      I'm trying to implement my own login module, and I want to extend from DatabaseServerLoginModule.

      In the login-config.xml I use:

      <application-policy name="ImagineModule">
 <authentication>
 <login-module code="com.imagine.security.ImagineLoginModule"
 flag="required">
 <module-option name="dsJndiName">java:/MySqlDS</module-option>
 <module-option name="principalsQuery">select passwd from User where username=?</module-option>
 <module-option name="rolesQuery">select userRoles,'Roles' from userrole where userName=?</module-option>
 </login-module>
 </authentication>
</application-policy>

      In my web.xml: 
      <security-constraint>
 <display-name>require valid user</display-name>
 <web-resource-collection>
 <web-resource-name>EM application</web-resource-name>
 <url-pattern>/*</url-pattern>
 <http-method>HEAD</http-method>
 <http-method>GET</http-method>
 <http-method>POST</http-method>
 <http-method>PUT</http-method>
 <http-method>DELETE</http-method>
 </web-resource-collection>
 <auth-constraint>
 <role-name>*</role-name>
 </auth-constraint>
 <user-data-constraint>
 <transport-guarantee>NONE</transport-guarantee>
 </user-data-constraint>
</security-constraint>

<login-config>
 <auth-method>FORM</auth-method>
 <realm-name>EM Application</realm-name>
 <form-login-config>
 <form-login-page>/faces/html/common/login.jsp</form-login-page>
 <form-error-page>/faces/html/common/login.jsp?failed=true</form-error-page>
 </form-login-config>
</login-config>

<security-role>
 <role-name>*</role-name>
</security-role>

      I have few questions:
      1) Can I write ONLY my own login method (and use the default implementation of the commit)?
      When I try to do so I get failure in the commit and can't login (I get to my form-error-page).
      When I try to use my own commit I manage to get into my application, but when I do 
      request.isUserInRole("Admin");
      I get false where I should get true.

      So I'm thinking maybe I'm not implementing the commit well.
      2) How does the isUserInRole work? How do I set the roles?
      In my commit implenemtation I use my own Principals for user and role and do the following: 
      subject.getPrincipals().add(new UserPrincipal("admin"));
subject.getPrincipals().add(new RolePrincipal("Admin"));
return true;

      How do I use this info later and set it in the session?
      When I add the RolePrincipal to the subject, how is it connected to the role that I ask for in isUserInRole?? (after all, the RolePrincipal is my own class).
      Can someone lead me in with the commit implementaion?
      I know that something is missing, but I don't know what...

      Please help...
      Thanks,
      Efrat

      • 1447 Views
      • Tags: