Hello Bill,
I've got the same problem as "marcel rovira" posted on 5 Jul 2013 10:48.
If you need more information or whatever to solve it, just ask.
Thanks a lot.
Bill Burke <bburke@...> writes:
>
> ON vacation, I'll look into it on Monday and provide a patch soon after.
> I probably just didn't propagate the context.
>
> On 7/5/2013 4:48 AM, marcel rovira wrote:
> > Hello,
> >
> > I'm using resteasy 3.0.1 Final with oauth in JBoss 6.1 EAP and my custom
> > principal class is not propagated to sessioncontext in an EJB3.
> > Oauth is configured as BearerTokenAuthenticator only
> >
> > My login-module configuration in standalone.xml to use extended login
module
> >
> > <login-module
> >
code="es.gc.epsilon.secure.api.shared.resources.MyDatabaseServerLoginModule"
> > flag="required">
> > <module-option name="dsJndiName"
> > value="java:jboss/datasources/EpsilonXADS"/>
> > <module-option name="principalsQuery" value="select PASSWORD from
> > EP_USER where name=?"/>
> > <module-option name="rolesQuery" value="select ROLE_NAME, 'Roles' from
> > EP_USER_ROLE where USER_NAME = ?"/>
> > <module-option name="hashAlgorithm" value="MD5"/>
> > <module-option name="hashEncoding" value="base64"/>
> > <module-option name="unauthenticatedIdentity" value="guest"/>
> > </login-module>
> >
> > My DatabaseServerLoginModule:
> >
> > public class MyDatabaseServerLoginModule extends
DatabaseServerLoginModule {
> >
> > <at> Override
> > protected java.security.Principal createIdentity(String username)
> > throws Exception {
> >
> > System.out.println("createIdentity BEGIN");
> >
> > MyCustomPrincipal p = null;
> > if (principalClassName == null) {
> > p = new MyCustomPrincipal(username);
> > } else {
> > p = (MyCustomPrincipal) super.createIdentity(username);
> > }
> >
> > return p;
> > }
> > ...
> >
> >
> > My custom principal
> >
> >
> > public class MyCustomPrincipal extends SimplePrincipal implements
> > Serializable {
> >
> > private static final long serialVersionUID = 1L;
> >
> > private String tenant;
> >
> > public MyCustomPrincipal(String name) {
> > super(name);
> > // TODO Auto-generated constructor stub
> > }
> > ...
> >
> > My oauth server configuration:
> >
> > jboss-web.xml
> > <jboss-web>
> > <security-domain>java:/jaas/jaasEpsilon</security-domain>
> > <valve>
> >
> >
<class-name>org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve</class-name>
> > </valve>
> > </jboss-web>
> >
> >
> > My api rest configuration project:
> >
> > web.xml
> >
> > <login-config>
> > <auth-method>BASIC</auth-method>
> > <realm-name>jaasEpsilon</realm-name>
> > </login-config>
> >
> > <security-constraint>
> > <web-resource-collection>
> > <web-resource-name>All resources</web-resource-name>
> > <description>Protects all resources</description>
> > <url-pattern>/api/secure/*</url-pattern>
> > <http-method>GET</http-method>
> > <http-method>POST</http-method>
> > </web-resource-collection>
> > <auth-constraint>
> > <role-name>admin</role-name>
> > <role-name>employee</role-name>
> > </auth-constraint>
> > </security-constraint>
> > <context-param>
> > <param-name>resteasy.role.based.security</param-name>
> > <param-value>true</param-value>
> > </context-param>
> > jboss-deployment-structure
> >
> > <jboss-deployment-structure>
> > <deployment>
> > <dependencies>
> > <module name="org.jboss.resteasy.resteasy-jaxrs"
> > services="import"/>
> > <module name="org.jboss.resteasy.resteasy-jackson-provider"
> > services="import"/>
> > <module name="org.jboss.resteasy.skeleton-key"/>
> > </dependencies>
> > </deployment>
> > </jboss-deployment-structure>
> >
> > jboss-web.xml
> > <jboss-web>
> > <valve>
> >
> >
<class-name>org.jboss.resteasy.skeleton.key.as7.BearerTokenAuthenticatorValve</class-name>
> > </valve>
> > </jboss-web>
> >
> >
> > From an EJB I extract principal info as
> >
> > <at> Resource(name = "sessionContext")
> > private SessionContext sctx;
> > ...
> > Principal principal = sctx.getCallerPrincipal();
> > if (!(principal instanceof MyCustomPrincipal)) {
> > System.out.println("I expected a " +
> > MyCustomPrincipal.class.getName() + " but got a "
> > + principal.getClass().getName() + " instead !!!!!!");
> >
> >
> >
> > and the result is:
> > I expected a es.gc.epsilon.secure.api.shared.resources.MyCustomPrincipal
> > but got a org.jboss.resteasy.skeleton.key.SkeletonKeyPrincipal instead
> >
> > Is this a bug, is there another way to retrieve the caller principal, is
> > there any wrong configuration?
> >
> > Thanks.
> >
> > Marcel.
> >
> >
> >
------------------------------------------------------------------------------
> > This SF.net email is sponsored by Windows:
> >
> > Build for Windows Store.
> >
> > http://p.sf.net/sfu/windows-dev2dev
> >
> >
> >
> > _______________________________________________
> > Resteasy-users mailing list
> > Resteasy-users@...
> > https://lists.sourceforge.net/lists/listinfo/resteasy-users
> >
>
------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Resteasy-users mailing list
Resteasy-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/resteasy-users
