You will not get your custom principal.  For BearerTokenAuth, it never 
touches the login module, so your custom principal will never be created 
and propagated.  The Principal is generated from the Token.

On 7/5/2013 4:48 AM, marcel rovira wrote:
> Hello,
>
> I'm using resteasy 3.0.1 Final with OAuth in JBoss 6.1 EAP, and my custom
> principal class is not propagated to the SessionContext in an EJB3.
> OAuth is configured as BearerTokenAuthenticator only.
>
> My login-module configuration in standalone.xml to use the extended login module:
>
> <login-module code="es.gc.epsilon.secure.api.shared.resources.MyDatabaseServerLoginModule"
>               flag="required">
>   <module-option name="dsJndiName" value="java:jboss/datasources/EpsilonXADS"/>
>   <module-option name="principalsQuery" value="select PASSWORD from EP_USER where name=?"/>
>   <module-option name="rolesQuery" value="select ROLE_NAME, 'Roles' from EP_USER_ROLE where USER_NAME = ?"/>
>   <module-option name="hashAlgorithm" value="MD5"/>
>   <module-option name="hashEncoding" value="base64"/>
>   <module-option name="unauthenticatedIdentity" value="guest"/>
> </login-module>
>
> My DatabaseServerLoginModule:
>
> import org.jboss.security.auth.spi.DatabaseServerLoginModule;
>
> public class MyDatabaseServerLoginModule extends DatabaseServerLoginModule {
>
>    // Called by the login module after a successful database lookup;
>    // it is where the custom principal would be created.
>    @Override
>    protected java.security.Principal createIdentity(String username) throws Exception {
>
>      System.out.println("createIdentity BEGIN");
>
>      MyCustomPrincipal p = null;
>      if (principalClassName == null) {
>        p = new MyCustomPrincipal(username);
>      } else {
>        // assumes the configured principalClassName is MyCustomPrincipal (or a subclass)
>        p = (MyCustomPrincipal) super.createIdentity(username);
>      }
>
>      return p;
>    }
> ...
>
>
> My custom principal:
>
> import java.io.Serializable;
> import org.jboss.security.SimplePrincipal;
>
> public class MyCustomPrincipal extends SimplePrincipal implements Serializable {
>
>    private static final long serialVersionUID = 1L;
>
>    private String tenant;
>
>    public MyCustomPrincipal(String name) {
>      super(name);
>    }
> ...
>
> My OAuth server configuration:
>
> jboss-web.xml
>
> <jboss-web>
>   <security-domain>java:/jaas/jaasEpsilon</security-domain>
>   <valve>
>     <class-name>org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve</class-name>
>   </valve>
> </jboss-web>
>
>
> My REST API project configuration:
>
> web.xml
>
> <login-config>
>   <auth-method>BASIC</auth-method>
>   <realm-name>jaasEpsilon</realm-name>
> </login-config>
>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>All resources</web-resource-name>
>     <description>Protects all resources</description>
>     <url-pattern>/api/secure/*</url-pattern>
>     <http-method>GET</http-method>
>     <http-method>POST</http-method>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>admin</role-name>
>     <role-name>employee</role-name>
>   </auth-constraint>
> </security-constraint>
>
> <context-param>
>   <param-name>resteasy.role.based.security</param-name>
>   <param-value>true</param-value>
> </context-param>
>
> jboss-deployment-structure.xml
>
> <jboss-deployment-structure>
>   <deployment>
>     <dependencies>
>       <module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/>
>       <module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
>       <module name="org.jboss.resteasy.skeleton-key"/>
>     </dependencies>
>   </deployment>
> </jboss-deployment-structure>
>
> jboss-web.xml
>
> <jboss-web>
>   <valve>
>     <class-name>org.jboss.resteasy.skeleton.key.as7.BearerTokenAuthenticatorValve</class-name>
>   </valve>
> </jboss-web>
>
>
> From an EJB I extract the principal info as:
>
> @Resource(name = "sessionContext")
> private SessionContext sctx;
> ...
> Principal principal = sctx.getCallerPrincipal();
> if (!(principal instanceof MyCustomPrincipal)) {
>    System.out.println("I expected a " + MyCustomPrincipal.class.getName()
>      + " but got a " + principal.getClass().getName() + " instead !!!!!!");
> }
>
>
> and the result is:
> I expected a es.gc.epsilon.secure.api.shared.resources.MyCustomPrincipal
> but got a org.jboss.resteasy.skeleton.key.SkeletonKeyPrincipal instead
>
> Is this a bug, is there another way to retrieve the caller principal, is
> there any wrong configuration?
>
> Thanks.
>
> Marcel.
>
>
> _______________________________________________
> Resteasy-users mailing list
> Resteasy-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/resteasy-users
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
