0 Replies Latest reply on May 29, 2007 12:01 AM by BHASKARA PRASAD ILLIPILLA

    Runas identity for a jsp/servlet does not work

    BHASKARA PRASAD ILLIPILLA Newbie

      Hi

      I have been trouble shooting an issue where in I could not get Runas principal work for a jsp that is marked with run-as tag. Looks like the http://jira.jboss.com/jira/browse/JBAS-1297 has fixed part of my issue. But it still does not work.
      Below are my web.xml snippets (adding only required parts)


      <servlet-name>SecureJSP</servlet-name>
      <jsp-file>/secure/indexsecure.jsp</jsp-file>
      <run-as>
      <role-name>WebRunAsRole</role-name>
      </run-as>

      .....................
      <security-role>
      <role-name>WebRunAsRole</role-name>
      </security-role>

      Below are my jboss-web.xml snippets
      <security-role>
      <role-name>WebRunAsRole</role-name>
      <principal-name>b2uset</principal-name>
      </security-role>

      <servlet-name>SecureJSP</servlet-name>
      <run-as-principal>b2uset</run-as-principal>


      After addding above in my descriptors with debugging on I could see when the application gets deployed it uses the role as well as princpal. Below are my log entries.

      2007-05-28 17:50:31,055 TRACE [org.jboss.web.tomcat.security.RunAsListener] SecureJSP, runAs: [roles=[WebRunAsRole],principal=b2uset]
      2007-05-28 17:50:31,055 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=[roles=[WebRunAsRole],principal=b2uset]


      Although everything looks good so far, I could not get this jsp running under the principal "b2uset" when the jsp is accessed. My request.getUserPrincipal, Request.getRemoteUser, SecurityAssociation.getSubject all seem to be showing either null or any existing context of already authenticated user but not the prinipal of run-as user "b2uset". With EJB things may be working but I have not tried. I am currently trying with jsp.

      Any thoughts?