On vacation, I'll look into it on Monday and provide a patch soon after.
I probably just didn't propagate the context.

On 7/5/2013 4:48 AM, marcel rovira wrote:
> Hello,
>
> I'm using resteasy 3.0.1 Final with oauth in JBoss 6.1 EAP and my custom
> principal class is not propagated to sessioncontext in an EJB3.
> OAuth is configured as BearerTokenAuthenticator only.
>
> My login-module configuration in standalone.xml to use the extended login module:
>
> <login-module code="es.gc.epsilon.secure.api.shared.resources.MyDatabaseServerLoginModule" flag="required">
>   <module-option name="dsJndiName" value="java:jboss/datasources/EpsilonXADS"/>
>   <module-option name="principalsQuery" value="select PASSWORD from EP_USER where name=?"/>
>   <module-option name="rolesQuery" value="select ROLE_NAME, 'Roles' from EP_USER_ROLE where USER_NAME = ?"/>
>   <module-option name="hashAlgorithm" value="MD5"/>
>   <module-option name="hashEncoding" value="base64"/>
>   <module-option name="unauthenticatedIdentity" value="guest"/>
> </login-module>
>
> My DatabaseServerLoginModule:
>
> public class MyDatabaseServerLoginModule extends DatabaseServerLoginModule {
>
>    @Override
>    protected java.security.Principal createIdentity(String username) throws Exception {
>
>      System.out.println("createIdentity BEGIN");
>
>      MyCustomPrincipal p = null;
>      if (principalClassName == null) {
>        p = new MyCustomPrincipal(username);
>      } else {
>        p = (MyCustomPrincipal) super.createIdentity(username);
>      }
>
>      return p;
>    }
> ...
>
>
> My custom principal
>
>
> public class MyCustomPrincipal extends SimplePrincipal implements Serializable {
>
>    private static final long serialVersionUID = 1L;
>
>    private String tenant;
>
>    public MyCustomPrincipal(String name) {
>      super(name);
>      // TODO Auto-generated constructor stub
>    }
> ...
>
> My oauth server configuration:
>
> jboss-web.xml
> <jboss-web>
>      <security-domain>java:/jaas/jaasEpsilon</security-domain>
>      <valve>
>          <class-name>org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve</class-name>
>      </valve>
> </jboss-web>
>
>
> My api rest configuration project:
>
> web.xml
>
> <login-config>
>   <auth-method>BASIC</auth-method>
>   <realm-name>jaasEpsilon</realm-name>
> </login-config>
>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>All resources</web-resource-name>
>     <description>Protects all resources</description>
>     <url-pattern>/api/secure/*</url-pattern>
>     <http-method>GET</http-method>
>     <http-method>POST</http-method>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>admin</role-name>
>     <role-name>employee</role-name>
>   </auth-constraint>
> </security-constraint>
>
> <context-param>
>   <param-name>resteasy.role.based.security</param-name>
>   <param-value>true</param-value>
> </context-param>
>
> jboss-deployment-structure
>
> <jboss-deployment-structure>
>      <deployment>
>          <dependencies>
>              <module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/>
>              <module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
>              <module name="org.jboss.resteasy.skeleton-key"/>
>          </dependencies>
>      </deployment>
> </jboss-deployment-structure>
>
> jboss-web.xml
> <jboss-web>
>      <valve>
>          <class-name>org.jboss.resteasy.skeleton.key.as7.BearerTokenAuthenticatorValve</class-name>
>      </valve>
> </jboss-web>
>
>
> From an EJB I extract principal info as
>
> @Resource(name = "sessionContext")
> private SessionContext sctx;
> ...
> Principal principal = sctx.getCallerPrincipal();
> if (!(principal instanceof MyCustomPrincipal)) {
>    System.out.println("I expected a " + MyCustomPrincipal.class.getName()
>      + " but got a " + principal.getClass().getName() + " instead !!!!!!");
> }
>
>
>
> and the result is:
> I expected a es.gc.epsilon.secure.api.shared.resources.MyCustomPrincipal
> but got a org.jboss.resteasy.skeleton.key.SkeletonKeyPrincipal instead
>
> Is this a bug, is there another way to retrieve the caller principal, is
> there any wrong configuration?
>
> Thanks.
>
> Marcel.
>
>
> _______________________________________________
> Resteasy-users mailing list
> Resteasy-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/resteasy-users
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
