Hi again.. well i have changed my servlet code; now it's this one:
import java.lang.reflect.InvocationTargetException;
| import java.lang.reflect.Method;
| import java.security.PrivilegedAction;
| import java.security.PrivilegedActionException;
| import java.security.PrivilegedExceptionAction;
| import java.security.Principal;
|
| import java.util.Set;
| import java.util.Iterator;
|
| import javax.security.auth.Subject;
| import javax.security.auth.callback.Callback;
| import javax.security.auth.callback.CallbackHandler;
| import javax.security.auth.callback.NameCallback;
| import javax.security.auth.callback.PasswordCallback;
| import javax.security.auth.callback.TextOutputCallback;
| import javax.security.auth.callback.UnsupportedCallbackException;
| import javax.security.auth.login.LoginContext;
| import javax.security.auth.login.LoginException;
| import javax.servlet.Filter;
| import javax.servlet.FilterChain;
| import javax.servlet.FilterConfig;
| import javax.servlet.ServletException;
| import javax.servlet.ServletRequest;
| import javax.servlet.ServletResponse;
| import javax.servlet.http.HttpServletRequest;
| import javax.servlet.http.HttpServletResponse;
| import javax.servlet.http.HttpServlet;
| import javax.servlet.http.HttpSession;
|
| import java.io.IOException;
|
| public class Dispatcher extends HttpServlet {
|
| /** The WLS security class. Indicates if WLS security is used. */
| private Class wlsSec = null;
|
| /** The context used for the login and logout operations */
| private LoginContext loginContext;
| private static final org.apache.commons.logging.Log logger
| = org.apache.commons.logging.LogFactory.getLog
| (Dispatcher.class);
|
| private String applicationPolicy = "client-login";
|
| //Initialize global variables
| public void init() throws ServletException {
| }
|
| //Process the HTTP Get request
| public void doGet(HttpServletRequest request, HttpServletResponse response)
throws
| ServletException, IOException {
| doPost( request, response );
| }
|
| //Process the HTTP Post request
| public void doPost(HttpServletRequest request, HttpServletResponse response)
throws
| ServletException, IOException {
|
| String username = request.getParameter( "username" );
| String password = request.getParameter( "password" );
| System.out.println( "Tento login con username: ["+ username+ "] e
password: ["+password+"]" + " Il principal à nullo? "+ ( request.getUserPrincipal() )
);
| request.getRequestDispatcher( "/processDef.jsp" ).forward( request,
response );
| //response.sendRedirect( "processDef.jsp" );
|
| }
|
| //Clean up resources
| public void destroy() {
| }
| }
While my filter code is:
import java.io.IOException;
|
| import java.util.Set;
| import java.util.Iterator;
| import java.util.Enumeration;
|
| import java.lang.reflect.InvocationTargetException;
| import java.lang.reflect.Method;
|
| import java.security.PrivilegedAction;
| import java.security.PrivilegedActionException;
| import java.security.PrivilegedExceptionAction;
| import java.security.Principal;
|
|
| import javax.security.auth.Subject;
| import javax.security.auth.callback.Callback;
| import javax.security.auth.callback.CallbackHandler;
| import javax.security.auth.callback.NameCallback;
| import javax.security.auth.callback.PasswordCallback;
| import javax.security.auth.callback.TextOutputCallback;
| import javax.security.auth.callback.UnsupportedCallbackException;
| import javax.security.auth.login.LoginContext;
| import javax.security.auth.login.LoginException;
|
| import javax.servlet.Filter;
| import javax.servlet.FilterChain;
| import javax.servlet.FilterConfig;
| import javax.servlet.ServletException;
| import javax.servlet.ServletRequest;
| import javax.servlet.ServletResponse;
| import javax.servlet.http.HttpServletRequest;
|
| import org.jboss.security.SimplePrincipal;
|
| import de.danet.an.workflow.api.WorkflowServiceFactory;
| import de.danet.an.workflow.api.WorkflowService;
|
| public class LoginFilter implements Filter {
|
| private String applicationPolicy = null;
| private static final org.apache.commons.logging.Log logger
| = org.apache.commons.logging.LogFactory.getLog
| (LoginFilter.class);
|
| /**
| * Simple login context for authentication.
| */
| private static class LoginFilterLoginContext extends LoginContext {
|
| private static class CBH implements CallbackHandler {
| private String userName = null;
| private String password = null;
|
| public CBH(String userName, String password) {
| this.userName = userName;
| this.password = password;
| }
|
| public void handle(Callback[] callbacks) throws
| UnsupportedCallbackException, IOException {
|
| for (int i = 0; i < callbacks.length; i++) {
| if (callbacks instanceof TextOutputCallback) {
| // display the message according to the specified type
| TextOutputCallback toc
| = (TextOutputCallback) callbacks;
| switch (toc.getMessageType()) {
| case TextOutputCallback.INFORMATION:
| System.err.println(toc.getMessage());
| break;
| case TextOutputCallback.ERROR:
| System.err.println("ERROR: " + toc.getMessage());
| break;
| case TextOutputCallback.WARNING:
| System.err.println("WARNING: " + toc.getMessage());
| break;
| default:
| throw new IOException
| ("Unsupported message type: "
| + toc.getMessageType());
| }
| } else if (callbacks instanceof NameCallback) {
| // prompt the user for a username
| NameCallback nc = (NameCallback) callbacks;
| nc.setName(userName);
| } else if (callbacks instanceof PasswordCallback) {
| // prompt the user for sensitive information
| PasswordCallback pc = (PasswordCallback) callbacks;
| pc.setPassword(password.toCharArray());
| } else if (callbacks.getClass().getName().equals
| ("weblogic.security.auth.callback.URLCallback")) {
| } else {
| throw new UnsupportedCallbackException
| (callbacks, "Unrecognized Callback \""
| + callbacks.getClass().getName() + "\"");
| }
| }
| }
| }
|
|
| public LoginFilterLoginContext
| (String applicationPolicy, String userName, String password) throws
| LoginException {
| super(applicationPolicy, new CBH(userName, password));
| }
| }
|
|
| /** The WLS security class. Indicates if WLS security is used. */
| private Class wlsSec = null;
|
| /** The context used for the login and logout operations */
| private LoginContext loginContext;
|
| /**
| * Initialize the filter.
| *
| * @param filterConfig the filter configuration information
| * @throws ServletException if the login context cannot be created
| */
| public void init(FilterConfig filterConfig) throws ServletException {
| // first, find out if we have WLS security
| try {
| wlsSec = Thread.currentThread().getContextClassLoader()
| .loadClass("weblogic.security.Security");
| } catch (ClassNotFoundException e) {
| // OK, not WLS client
| logger.debug("No WLS security class, not using WLS security");
| }
|
| // now get the parameters
| applicationPolicy
| = filterConfig.getInitParameter("ApplicationPolicy");
| if (applicationPolicy == null) {
| applicationPolicy = "client-login";
| }
| }
|
| /**
| * Do nothing.
| */
| public void destroy() {}
|
| /**
| * Perform a login, call the next filter on the filter chain and
| * perform a logout.
| *
| * @param request the request
| * @param response the response
| * @param chain the filter chain
| * @throws IOException IOException
| * @throws ServletException ServletException
| */
| public void doFilter
| (ServletRequest request, ServletResponse response,
| FilterChain chain) throws IOException, ServletException {
|
| HttpServletRequest req = ((HttpServletRequest) (request));
| String userName = req.getParameter("username");
| String password = req.getParameter("password");
| if (logger.isDebugEnabled()) {
| logger.debug("Configured to use application policy \""
| + applicationPolicy + "\", user name \""
| + userName + "\" and "
| + (password == null ? " no password."
| : "a (non-disclosed) password."));
| }
| System.out.println("Username: " + userName + " password: " + password +
| " applicationPolicy: " + applicationPolicy);
| // finally, create login context
| try {
| loginContext = new LoginFilterLoginContext
| (applicationPolicy, userName, password);
| } catch (LoginException e) {
| throw new ServletException
| ("Cannot create LoginContext: " + e.getMessage(), e);
| }
| try {
| loginContext.login();
| System.out.println("Login in LoginFilter ok");
| Subject subject = loginContext.getSubject();
| Set principals = subject.getPrincipals();
| Principal princ = null;
| for (Iterator prinIter = principals.iterator(); prinIter.hasNext(); ) {
|
| princ = ((Principal) (prinIter.next()));
| System.out.println(" Nome principal in LoginFilter: " +
| princ.getName() + " ed à in ruolo? " +
| req.isUserInRole("StaffManagementRole_0"));
| }
| } catch (LoginException e) {
| throw new ServletException("Cannot login: " + e.getMessage(), e);
| }
| try {
| if (wlsSec != null) {
| // Use WLS security. Use reflection to avoid code
| // dependency on WLS
| try {
| Class[] ats = new Class[] {Subject.class,
PrivilegedAction.class};
| Method m = wlsSec.getMethod("runAs", ats);
| final FilterChain chainArg = chain;
| final ServletRequest reqArg = request;
| final ServletResponse resArg = response;
| Object[] args = new Object[] {
| loginContext.getSubject(),
| new PrivilegedExceptionAction() {
| public Object run() throws Exception {
| chainArg.doFilter(reqArg, resArg);
| return null;
| }
| }
| } ;
| m.invoke(null, args);
| } catch (NoSuchMethodException e) {
| logger.error(e.getMessage(), e);
| throw new IllegalStateException(e.getMessage());
| } catch (SecurityException e) {
| logger.error(e.getMessage(), e);
| throw new IllegalStateException(e.getMessage());
| } catch (IllegalAccessException e) {
| logger.error(e.getMessage(), e);
| throw new IllegalStateException(e.getMessage());
| } catch (InvocationTargetException e) {
| if (e.getTargetException()
| instanceof PrivilegedActionException) {
| PrivilegedActionException pe
| = (PrivilegedActionException) e.
| getTargetException();
| if (pe.getException() instanceof IOException) {
| throw (IOException) pe.getException();
| }
| if (pe.getException() instanceof ServletException) {
| throw (ServletException) pe.getException();
| }
| }
| logger.error(e.getMessage(), e);
| throw new IllegalStateException(e.getMessage());
| }
| } else {
| // Use JBoss security.
| chain.doFilter(request, response);
| }
| } finally {
| try {
| loginContext.logout();
| } catch (LoginException e) {
| throw new ServletException
| ("Cannot logout: " + e.getMessage(), e);
| }
| }
| }
| }
Well i have noted that after the filter the servlet is called and this is good, but
the principal in the servlet is null; infact my stack error trace is:
anonymous wrote : 17:54:50,801 INFO [STDOUT] Username: ML password: ML
applicationPolicy: danetworkflow-ia
| 17:54:50,841 INFO [STDOUT] Login in LoginFilter ok
| 17:54:50,841 INFO [STDOUT] Nome principal in LoginFilter: ML ed à in ruolo?
false
| 17:54:50,841 INFO [STDOUT] Nome principal in LoginFilter: CallerPrincipal ed Ã
in ruolo? false
| 17:54:50,841 INFO [STDOUT] Nome principal in LoginFilter: Roles ed à in ruolo?
false
| 17:54:50,841 INFO [STDOUT] Tento login con username: [ML] e password: [ML] Il
principal à nullo? null
| 17:54:50,951 ERROR [SecurityInterceptor] Insufficient method permissions,
principal=null, method=create, interface=HOME, requiredRoles=[StaffManagementRole_0],
principalRoles=null
| 17:54:50,951 ERROR [LogInterceptor] EJBException, causedBy:
| java.lang.SecurityException: Insufficient method permissions, principal=null,
method=create, interface=HOME, requiredRoles=[StaffManagementRole_0],
principalRoles=null
| at
org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:229)
| at
org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:83)
| at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
| at
org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
| at
org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:319)
| at org.jboss.ejb.Container.invoke(Container.java:743)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:324)
| at
org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.java:60)
| at org.jboss.mx.server.Invocation.dispatch(Invocation.java:61)
| at org.jboss.mx.server.Invocation.dispatch(Invocation.java:53)
| at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
| at
org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:185)
| at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473)
| at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:97)
| at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:90)
| at
org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
| at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:53)
| at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
| at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
| at $Proxy233.create(Unknown Source)
| .
| .
| .
| .
| .
I'm not able to understand why this happens.... can anybody show the right way in
order to avoid this error? I have configured all the files named in the jaas how
to.... bye
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3852953#3852953
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3852953
-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88&alloc_id�065&op=click
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
