Is this a valid test for this? I've verified that the login.jsp fires the JAAS login module and I do get the principal object back. In both jsps (login.jsp and verify.jsp), the user/principal information is null. (BTW, I've tried using the JBoss-supplied DatabaseServerLoginModule and my own to check for differences. None)
Can we conclude from this that the JBoss JAAS module is not setting the principal information? Logintest.mxml { <mx:Application xmlns:mx="http://www.macromedia.com/2003/mxml" xmlns="*"> <mx:Panel width="100%" height="100%" title="Login Test"> <mx:VBox height="100%" width="100%"> <mx:Button label="Login" click="getUrl('login.jsp', 'LoginTest')"/> <mx:Button label="Verify" click="getUrl('verify.jsp', 'LoginTest')"/> </mx:VBox> </mx:Panel> </mx:Application> } Login.jsp (snippet) { <% Subject subject = new Subject(); UsernamePasswordHandler handler = new UsernamePasswordHandler(username, password.toCharArray()); LoginContext loginContext = new LoginContext("employee", subject, handler); loginContext.login(); String user = request.getRemoteUser(); String principal = null; if (request.getUserPrincipal() != null) principal = request.getUserPrincipal().getName(); } %> Login Remote User: <%= user %><br> Login Principal: <%= principal %> } Verify.jsp { <% String user = request.getRemoteUser(); String principal = null; if (request.getUserPrincipal() != null) principal = request.getUserPrincipal().getName(); %> Verify Remote User: <%= user %><br> Verify Principal: <%= principal %> } ------------------------------------------------- Jim Schneider KJ Interactive, Inc. 1-877-370-6906 1-612-605-5399 -----Original Message----- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Matt Chotin Sent: Wednesday, February 15, 2006 11:19 AM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Re: setUsernamePassword and J2EE login (bounce) Right, basically attempt to remove Flex from the equation for the moment, get your JAAS module to fire using credentials you pass in using the JSP. Then after you've authenticated use the JSP to see if that newly created authenticated Principal is stored in the request. If it isn't there then the problem is bigger than RemoteObject. Matt -----Original Message----- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Carson Hager Sent: Wednesday, February 15, 2006 9:05 AM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Re: setUsernamePassword and J2EE login (bounce) He's actually not suggesting either. He's suggesting creating a test JSP that returns the user principal objec to verify that the JSP is within an authenticated session. <%=request.getUserPrincipal().getName()%> It looks like you're going through a proxy which is using another "session". As I mentioned earlier, there are issues with the proxy and forwarding credentials from an existing session. Our context was the use of web services but this could very well be what you're seeing as well. Carson ____________________________________________ Carson Hager Cynergy Systems, Inc. http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY Mobile: 1.703.489.6466 -----Original Message----- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Jim Schneider Sent: Wednesday, February 15, 2006 8:49 AM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Re: setUsernamePassword and J2EE login (bounce) Thanks for the responses. Sorry for my ignorance, but are you suggesting that the JSP simulate a login (invoking the loginContext/loginModule)? Or are you suggesting that the JSP set the UserPrincipal in the HTTP request (although I don't see a setter in the request interface API, which makes me wonder how JAAS injects the UserPrincipal into the request, but I can probably find that somewhere). To answer Matt's questions, no, I'm not sure JAAS successfully stores the principal, yes, the login module is being called, but I'll look at it more closely. Thanks again, Jim ------------------------------------------------- Jim Schneider EyeCodeRight, LLC 1-877-370-6906 1-612-605-5399 -----Original Message----- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Dave Wolf Sent: Wednesday, February 15, 2006 8:37 AM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: setUsernamePassword and J2EE login (bounce) We have, as Carson mentioned, definately seen issues where the j_session_id is not properly propogated through the proxy. I would want to see, as Matt alludes to, do the credentials get propogated when we take the proxy out of the picture. I would create a simple JSP page which itself returns the UserPrincipal. Call that JSP from within your Flex app and read the value. -- Dave Wolf Cynergy Systems, Inc. Macromedia Flex Alliance Partner http://www.cynergysystems.com Email: [EMAIL PROTECTED] Office: 866-CYNERGY --- In flexcoders@yahoogroups.com, "Matt Chotin" <[EMAIL PROTECTED]> wrote: > > You sure that JAAS successfully stores the Principal back in the user > request? If you did something similar via JSP would everything come > through correctly? I haven't played with JBoss but WebSphere for > example failed to store the authenticated principal in the request even > when I went through JAAS to login my user in. You traced to see that > your login module is called? > > > > ________________________________ > > From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On > Behalf Of Jim Schneider > Sent: Tuesday, February 14, 2006 2:12 PM > To: flexcoders@yahoogroups.com > Subject: FW: [flexcoders] setUsernamePassword and J2EE login (bounce) > > > > No one has any thoughts/ideas on this? > > > > ------------------------------------------------- > > Jim Schneider > > KJ Interactive, Inc. > > 1-877-370-6906 > > 1-612-605-5399 > > ________________________________ > > From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On > Behalf Of Jim Schneider > Sent: Saturday, February 04, 2006 12:01 PM > To: flexcoders@yahoogroups.com > Subject: RE: [flexcoders] setUsernamePassword and J2EE login > > > > I finally got back to looking at this. I Instrumented my code to look at > flashgateway.Gateway.getHttpRequest().getRemotePrincipal() and > getRemoteUser(). RemoteUser is empty and remote principal is null. I > see the userid/password credentials in the amf trace from the client > (setting UsernamePassword on the service), but nothing in the service. > > > > I'm using remote objects. Remote object is a spring bean. > > > > I've implemented a JAAS login module that appears to be functioning > correctly (loginContext succeeds). > > > > Using JBoss 4.0.x. > > > > Any thoughts? > > > > Thanks, > > > > Jim > > > > ________________________________ > > From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On > Behalf Of Carson Hager > Sent: Saturday, January 21, 2006 10:22 PM > To: flexcoders@yahoogroups.com > Subject: RE: [flexcoders] setUsernamePassword and J2EE login > > > > If you use standard J2EE auth to the container, you can get the remote > user provided you are not using the proxy. There is currently an issue > with the proxy not forwarding the cookie in most ( all that we've seen ) > circumstances. We have received a fix from Adobe on this that we are in > the process of testing. > > > > This being said, if you don't use the proxy, you'll be able to acccess > the user without issue from within your service implementations. Here's > the kicker. The AS2 VM doesn't not handle HTTP status code 500. It > stops parsing the HTTP response when it sees a 500 which means that you > will never be able to get at any data that occurs due to a SOAP Fault. > Per the web services spec, the container is required to return an HTTP > 500 status code when returning a fault. Effectively, you can't handle > SOAP faults when you don't use the proxy and you get that meaningless > error message that looks like it simply couldn't connect to the service. > This issue is "handled" by the proxy. It changes that HTTP status code > to 200 so that the flash player can parse the request. This is a kludge > if you ask me but that's where we are today. As a note, this is being > addressed in FP8.5 but the fix will very likely not ( according to Adobe > ) be fixed in earlier versions due to backward compatibility. > > > > > > Carson > > ____________________________________________ > > Carson Hager > Cynergy Systems, Inc. > http://www.cynergysystems.com <http://www.cynergysystems.com/> > > Email: [EMAIL PROTECTED] > Office: 866-CYNERGY > Mobile: 1.703.489.6466 > > > > > > > ________________________________ > > From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On > Behalf Of Matt Chotin > Sent: Saturday, January 21, 2006 7:37 PM > To: flexcoders@yahoogroups.com > Subject: RE: [flexcoders] setUsernamePassword and J2EE login > > I think you should be able to get it from the > flashgateway.Gateway.getHttpRequest().getRemotePrincipal() or > getRemoteUser(). > > > > ________________________________ > > From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On > Behalf Of Jim Schneider > Sent: Wednesday, January 18, 2006 8:32 AM > To: flexcoders@yahoogroups.com > Subject: [flexcoders] setUsernamePassword and J2EE login > > > > After calling setUsernamePassword on a service, is this information > "available" to the backend services (remote object or web service)? Or > perhaps after a J2EE/JAAS login? If so, how/where? > > > > We have a requirement to do a lot of logging of who's doing what in the > system and was wondering whether there are any alternatives to passing a > username/id with most/all APIs. > > > Thanks for any help. > > > > Jim > > > > > > > > -- > Flexcoders Mailing List > FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt > Search Archives: > http://www.mail-archive.com/flexcoders%40yahoogroups.com > > > > > SPONSORED LINKS > > Web site design development > <http://groups.yahoo.com/gads?t=ms&k=Web+site+design+development&w1=Web+ > site+design+development&w2=Computer+software+development&w3=Software+des > ign+and+development&w4=Macromedia+flex&w5=Software+development+best+prac > tice&c=5&s=166&.sig=L-4QTvxB_quFDtMyhrQaHQ> > > Computer software development > <http://groups.yahoo.com/gads?t=ms&k=Computer+software+development&w1=We > b+site+design+development&w2=Computer+software+development&w3=Software+d > esign+and+development&w4=Macromedia+flex&w5=Software+development+best+pr > actice&c=5&s=166&.sig=lvQjSRfQDfWudJSe1lLjHw> > > Software design and development > <http://groups.yahoo.com/gads?t=ms&k=Software+design+and+development&w1= > Web+site+design+development&w2=Computer+software+development&w3=Software > +design+and+development&w4=Macromedia+flex&w5=Software+development+best+ > practice&c=5&s=166&.sig=1pMBCdo3DsJbuU9AEmO1oQ> > > Macromedia flex > <http://groups.yahoo.com/gads?t=ms&k=Macromedia+flex&w1=Web+site+design+ > development&w2=Computer+software+development&w3=Software+design+and+deve > lopment&w4=Macromedia+flex&w5=Software+development+best+practice&c=5&s=1 > 66&.sig=OO6nPIrz7_EpZI36cYzBjw> > > Software development best practice > <http://groups.yahoo.com/gads?t=ms&k=Software+development+best+practice& > w1=Web+site+design+development&w2=Computer+software+development&w3=Softw > are+design+and+development&w4=Macromedia+flex&w5=Software+development+be > st+practice&c=5&s=166&.sig=f89quyyulIDsnABLD6IXIw> > > > > > > ________________________________ > > YAHOO! GROUPS LINKS > > > > * Visit your group "flexcoders > <http://groups.yahoo.com/group/flexcoders> " on the web. > > * To unsubscribe from this group, send an email to: > [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > > * Your use of Yahoo! Groups is subject to the Yahoo! Terms of > Service <http://docs.yahoo.com/info/terms/> . > > > > ________________________________ > -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/