2 Replies Latest reply on Feb 10, 2006 4:58 PM by chris griffith

    Problems with JAAS

    Ben Grabkowitz Newbie

      I setup a DatabaseServerLoginModule with a config that looks like this:

      <policy>

       <application-policy name = "JawJaasDbRealm">
        <authentication>
         <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                       flag = "required">
          <module-option name="unauthenticatedIdentity">guest</module-option>
          <module-option name="password-stacking">useFirstPass</module-option>
          <module-option name="dsJndiName">java:/JBossAtWorkDS</module-option>
          <module-option name="principalsQuery">SELECT PASSWORD FROM USER WHERE NAME=?</module-option>
          <!-- rolesQuery returns (role name, role group) rows; the ROLE join is on USER_ROLE.ROLE_ID, not USER_ID -->
          <module-option name="rolesQuery">SELECT ROLE.NAME, 'Roles' FROM ROLE, USER_ROLE, USER WHERE USER.NAME=? AND USER.ID=USER_ROLE.USER_ID AND ROLE.ID = USER_ROLE.ROLE_ID</module-option>
         </login-module>
        </authentication>
       </application-policy>

      </policy>
      


      Now when I try to use my ejb from a remote client without authenticating... I get an error about principal=null

      But... if I execute the following code in the remote member...
       // sessionCtx is the bean's javax.ejb.SessionContext
       System.out.println("Principal: '" + this.sessionCtx.getCallerPrincipal().getName() + "'");

       if (this.sessionCtx.isCallerInRole("guest")) {
           System.out.println("Caller is in role 'guest'");
       } else {
           System.out.println("Caller is NOT in role 'guest'");
       }
      


      I get the following output...


      15:33:57,320 INFO [STDOUT] Principal: 'guest'
      15:33:57,320 INFO [STDOUT] Caller is NOT in role 'guest'
      


      Why is the role not "guest"?

      And because of this... I can't execute any remote methods that require role guest.

      Any help would be greatly appreciated. I am a J2EE newb so please be gentle.
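
The principalsQuery/rolesQuery contract, exercised against a constructed SQLite database. This is an added example, not code from the original post or from JBoss; the schema, the sample rows and the ROLE_ID column are assumptions. It shows what DatabaseServerLoginModule's two queries return for a known user, what a rolesQuery joined on the wrong column returns instead, and that a name with no USER row (here, "guest") gets nothing back from rolesQuery:

```python
import sqlite3

# Constructed in-memory schema using the table and column names the
# principalsQuery/rolesQuery in the config refer to (USER, ROLE, USER_ROLE).
# The ID and ROLE_ID columns are assumptions about the schema.
SCHEMA = """
CREATE TABLE USER (ID INTEGER PRIMARY KEY, NAME TEXT UNIQUE, PASSWORD TEXT);
CREATE TABLE ROLE (ID INTEGER PRIMARY KEY, NAME TEXT UNIQUE);
CREATE TABLE USER_ROLE (USER_ID INTEGER NOT NULL, ROLE_ID INTEGER NOT NULL);
"""

# principalsQuery: one column, the stored password for the given user name.
PRINCIPALS_QUERY = "SELECT PASSWORD FROM USER WHERE NAME=?"

# rolesQuery: two columns, role name and role group. DatabaseServerLoginModule
# uses the rows whose group is 'Roles' as the caller's security roles.
ROLES_QUERY = (
    "SELECT ROLE.NAME, 'Roles' FROM ROLE, USER_ROLE, USER "
    "WHERE USER.NAME=? AND USER.ID=USER_ROLE.USER_ID AND ROLE.ID=USER_ROLE.ROLE_ID"
)

# Same query with the ROLE join on USER_ROLE.USER_ID instead of ROLE_ID:
# it compares a role id with a user id, so the roles returned depend on
# which role happens to share a number with the user, not on USER_ROLE.
MISJOINED_ROLES_QUERY = (
    "SELECT ROLE.NAME, 'Roles' FROM ROLE, USER_ROLE, USER "
    "WHERE USER.NAME=? AND USER.ID=USER_ROLE.USER_ID AND ROLE.ID=USER_ROLE.USER_ID"
)


def open_db():
    """Constructed sample data: ben (id 1) holds 'admin' (id 2), alice (id 2)
    holds 'guest' (id 1). There is no USER row named 'guest'."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO USER (ID, NAME, PASSWORD) VALUES (?, ?, ?)",
                     [(1, "ben", "secret"), (2, "alice", "hunter2")])
    conn.executemany("INSERT INTO ROLE (ID, NAME) VALUES (?, ?)",
                     [(1, "guest"), (2, "admin")])
    conn.executemany("INSERT INTO USER_ROLE (USER_ID, ROLE_ID) VALUES (?, ?)",
                     [(1, 2), (2, 1)])
    conn.commit()
    return conn


def lookup_password(conn, name):
    """What principalsQuery yields: the stored password, or None if no such user."""
    row = conn.execute(PRINCIPALS_QUERY, (name,)).fetchone()
    return None if row is None else row[0]


def lookup_roles(conn, name, query=ROLES_QUERY):
    """What rolesQuery yields for a user name, keeping only the 'Roles' group."""
    roles = [role for role, group in conn.execute(query, (name,)) if group == "Roles"]
    return sorted(roles)


def caller_in_role(conn, name, role, query=ROLES_QUERY):
    """Approximates isCallerInRole(role) for a principal whose roles came from rolesQuery."""
    return role in lookup_roles(conn, name, query)


if __name__ == "__main__":
    db = open_db()
    for user in ("ben", "alice", "guest"):
        print(f"{user}: password={lookup_password(db, user)!r} "
              f"roles={lookup_roles(db, user)} "
              f"misjoined={lookup_roles(db, user, MISJOINED_ROLES_QUERY)}")
```

With the sample rows, the correct join gives ben the admin role and alice the guest role; the mis-joined query swaps them, because it matches ROLE.ID against the user's own id. The name "guest" has no USER row, so neither query returns a role for it, and caller_in_role(db, "guest", "guest") is False.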

        • 1. Re: Problems with JAAS
          Ben Grabkowitz Newbie

          Forgot to mention that I removed the security on the member, added that code, then executed; otherwise it doesn't execute that member when I require the role guest.

          • 2. Re: Problems with JAAS
            chris griffith Expert

            Two things seem not right here.

            First, your login config application policy does not contain org.jboss.security.ClientLoginModule. I think you need this in order for the authenticated principal info to get propagated to the server when you access an ejb.

            Second, the unauthenticatedIdentity of guest is used to create a principal that has no roles. So a call to isCallerInRole('guest') should return false. Correct?

            However, this is pure speculation on my part after reading the server guide as I have never used this LoginModule.

            Does this help?