[jboss-user] [Security JAAS/JBoss] - Re: Programmatic Login Advice
You cannot affect the web container security context via programmatic login from the web component level. If you want to interact with the security context you need to integrate with the web container using either a tomcat valve, or a custom authenticator. In general it does not make sense for you to be able to do a jaas login in the context of a web app call. Session ids need to be correlated, and authentication mechanisms like CLIENT-CERT and DIGEST require that the container interact with the caller side.

http://wiki.jboss.org/wiki/Wiki.jsp?page=CustomizingSecurityUsingValves
http://wiki.jboss.org/wiki/Wiki.jsp?page=ExtendedFormAuthenticator
http://wiki.jboss.org/wiki/Wiki.jsp?page=ExternalizeTomcatAuthenticators

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3992441#3992441
Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3992441
___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user

[jboss-user] [Security JAAS/JBoss] - Re: Programmatic Login Advice
OK, one of the Admins is bound to know what this is given this TRACE output. Here is where you can clearly see that the programmatic login is working. It's calling my DBLoginModule, then calling the ClientLoginModule and finally forwarding to the user's homepage.

| 2006-12-05 16:58:39,703 INFO [cc.livewire.jboss.login.DBLoginModule] Entering DBLoginModule
| 2006-12-05 16:58:39,705 INFO [cc.livewire.jboss.login.DBLoginModule] Logged in user paul OK !!
| 2006-12-05 16:58:39,705 INFO [cc.livewire.jboss.login.DBLoginModule] SESSION_ID:CC617D5EB33DDF849FCCE011CC7F2661
| 2006-12-05 16:58:39,725 TRACE [org.jboss.security.ClientLoginModule] Security domain: AMIRealm
| 2006-12-05 16:58:39,725 TRACE [org.jboss.security.ClientLoginModule] Enabling restore-login-identity mode
| 2006-12-05 16:58:39,725 TRACE [org.jboss.security.ClientLoginModule] Enabling useFirstPass mode
| 2006-12-05 16:58:39,725 TRACE [org.jboss.security.ClientLoginModule] Begin login
| 2006-12-05 16:58:39,728 TRACE [org.jboss.security.ClientLoginModule] commit, subject=Subject:
| Principal: paul
| Principal: Roles(members:ami.reseller)
|
| 2006-12-05 16:58:39,728 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
| Principal: paul
| Principal: Roles(members:ami.reseller)
| , [EMAIL PROTECTED],subject=6592395}
| 2006-12-05 16:58:39,728 INFO [org.apache.jsp.test_jsp] Got past the login call !!.
| 2006-12-05 16:58:39,729 DEBUG [org.apache.catalina.core.ApplicationDispatcher] servletPath=/homePage.do, pathInfo=null, queryString=null, name=null
| 2006-12-05 16:58:39,729 DEBUG [org.apache.catalina.core.ApplicationDispatcher] Path Based Forward

However, the next click that is made shows some strange things in the server log. It's like the ClientLoginModule never passed on any details at all, as when I click on the Logindetails.do?action=change link it automatically is referring me to login.jsp and booting me back to the login page.

| 2006-12-05 17:05:50,400 DEBUG [org.apache.catalina.connector.CoyoteAdapter] Requested cookie session id is CC617D5EB33DDF849FCCE011CC7F2661
| 2006-12-05 17:05:50,401 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] Process request for '/AMI/LoginDetails.do'
| 2006-12-05 17:05:50,401 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] Checking for SSO cookie
| 2006-12-05 17:05:50,401 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] SSO cookie is not present
| 2006-12-05 17:05:50,401 TRACE [org.jboss.web.tomcat.security.FormAuthValve] Enter, j_username=null
| 2006-12-05 17:05:50,401 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /AMI/LoginDetails.do
| 2006-12-05 17:05:50,401 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure Content]' against GET /LoginDetails.do -- true
| 2006-12-05 17:05:50,401 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure Content]' against GET /LoginDetails.do -- true
| 2006-12-05 17:05:50,401 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure Content]' against GET /LoginDetails.do -- true
| 2006-12-05 17:05:50,401 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
| 2006-12-05 17:05:50,401 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint already satisfied
| 2006-12-05 17:05:50,401 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
| 2006-12-05 17:05:50,401 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Save request in session 'CC617D5EB33DDF849FCCE011CC7F2661'
| 2006-12-05 17:05:50,402 DEBUG [org.apache.catalina.core.ApplicationDispatcher] servletPath=/login.jsp, pathInfo=null, queryString=null, name=null
| 2006-12-05 17:05:50,402 DEBUG [org.apache.catalina.core.ApplicationDispatcher] Path Based Forward
| 2006-12-05 17:05:50,402 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null
| 2006-12-05 17:05:50,402 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null
| 2006-12-05 17:05:50,409 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null
| 2006-12-05 17:05:50,409 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null
| 2006-12-05 17:05:50,409 DEBUG [org.apache.catalina.core.ApplicationDispatcher] Disabling the response for futher output
| 2006-12-05 17:05:50,409 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test
| 2006-12-05 17:05:50,409 TRACE [org.jboss.web.tomcat.security.FormAuthValve] SessionID: CC617D5EB33DDF849FCCE011CC7F2661
| 2006-12-05 17:05:50,409 TRACE [org.jboss.web.tomcat.security.FormAuthValve]

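
Added example, not part of the original posts: a log-correlation check for the symptom in the trace above, where the JAAS `commit` is logged for a session but the container's `authenticate()` still fails on that session's next request. The sample lines are constructed from the trace format above (the second session ID is made up), and the script assumes, as with the poster's DBLoginModule, that the login module logs `SESSION_ID:` before the commit and that requests are not interleaved in the log.

```python
import re

# Constructed sample in the format of the trace above. The second session ID
# is made up: a control visitor who never went through the JAAS login.
SAMPLE_LOG = """\
2006-12-05 16:58:39,705 INFO [cc.livewire.jboss.login.DBLoginModule] SESSION_ID:CC617D5EB33DDF849FCCE011CC7F2661
2006-12-05 16:58:39,728 TRACE [org.jboss.security.ClientLoginModule] commit, subject=Subject:
2006-12-05 17:05:50,400 DEBUG [org.apache.catalina.connector.CoyoteAdapter] Requested cookie session id is CC617D5EB33DDF849FCCE011CC7F2661
2006-12-05 17:05:50,401 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
2006-12-05 17:05:50,409 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test
2006-12-05 17:06:10,000 DEBUG [org.apache.catalina.connector.CoyoteAdapter] Requested cookie session id is 0123456789ABCDEF0123456789ABCDEF
2006-12-05 17:06:10,002 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test
"""

# timestamp, level, [logger], message; logger names may contain brackets
LINE_RE = re.compile(
    r"^\|?\s*(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) +[A-Z]+ +"
    r"\[(?P<logger>.+?)\] (?P<msg>.*)$")
SESSION_RE = re.compile(
    r"(?:SESSION_ID:|Requested cookie session id is )([0-9A-F]{32})")


def find_lost_logins(log_text):
    """Return (session_id, commit_ts, failure_ts) for each session whose JAAS
    commit was logged but whose later request failed container authentication."""
    committed = {}   # session id -> timestamp of the ClientLoginModule commit
    current = None   # session of the request being logged (assumes no interleaving)
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # continuation lines such as "| Principal: paul"
        logger, msg = m["logger"], m["msg"]
        sid = SESSION_RE.search(msg)
        if sid:
            current = sid.group(1)
        elif logger.endswith(".ClientLoginModule") and msg.startswith("commit"):
            if current:
                committed[current] = m["ts"]
        elif logger.endswith(".AuthenticatorBase") and "Failed authenticate() test" in msg:
            if current in committed:
                findings.append((current, committed[current], m["ts"]))
    return findings


if __name__ == "__main__":
    for sid, commit_ts, fail_ts in find_lost_logins(SAMPLE_LOG):
        print(f"session {sid}: JAAS commit at {commit_ts}, "
              f"container authenticate() failed at {fail_ts}")
```
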
[jboss-user] [Security JAAS/JBoss] - Re: Programmatic Login Advice
I have tried this before with jaas automatic login and was able to log in, but after the login and the redirection the security modules lose the information and the user is essentially logged out. I worked with this for about a month and finally gave up and just wrote my own security system, then use jboss jaas with non public systems. If anyone knows how to get this working I would love to hear as well.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3991177#3991177

[jboss-user] [Security JAAS/JBoss] - Re: Programmatic Login Advice
Have a look at Q3 at: http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ See if it helps.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3990439#3990439

[jboss-user] [Security JAAS/JBoss] - Re: Programmatic Login Advice
Hi, ok, I did what Q3 in the security FAQ suggested and put in the following entry within my authentication realm

| <!-- Add this line to your login-config.xml to include the ClientLoginModule propagation -->
| <login-module code="org.jboss.security.ClientLoginModule" flag="required" />

Unfortunately this did not seem to make any difference. Here is some debug from the server log. It's the following 2 lines which I think are a hint that something is still not right.

| [org.apache.catalina.core.ApplicationDispatcher] Disabling the response for futher output
| 2006-12-01 15:03:47,174 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test

Here is the full debug output. I've taken it from the redirect to /homePage.do in test.jsp (which is performing the programmatic login). Any ideas?

| 2006-12-01 15:03:47,157 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] ---
| 2006-12-01 15:03:47,157 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] authType=null
| 2006-12-01 15:03:47,157 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] contentLength=-1
| 2006-12-01 15:03:47,157 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] contentType=text/html;charset=UTF-8
| 2006-12-01 15:03:47,158 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=Pragma=No-cache
| 2006-12-01 15:03:47,158 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=Cache-Control=no-cache
| 2006-12-01 15:03:47,158 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=Expires=Thu, 01 Jan 1970 01:00:00 GMT
| 2006-12-01 15:03:47,158 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=X-Powered-By=Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
| 2006-12-01 15:03:47,158 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=Location=https://ami-test.livewire.cc/AMI/homePage.do
| 2006-12-01 15:03:47,158 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] message=null
| 2006-12-01 15:03:47,158 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] remoteUser=null
| 2006-12-01 15:03:47,158 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] status=302
| 2006-12-01 15:03:47,158 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] ===
| 2006-12-01 15:03:47,168 DEBUG [org.apache.catalina.connector.CoyoteAdapter] Requested cookie session id is 9DE0C12CF880EEFBDB9282AD73EB67FA
| 2006-12-01 15:03:47,168 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] REQUEST URI =/AMI/homePage.do
| 2006-12-01 15:03:47,168 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] authType=null
| 2006-12-01 15:03:47,168 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] characterEncoding=null
| 2006-12-01 15:03:47,168 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] contentLength=-1
| 2006-12-01 15:03:47,168 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] contentType=null
| 2006-12-01 15:03:47,168 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] contextPath=/AMI
| 2006-12-01 15:03:47,168 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] cookie=JSESSIONID=9DE0C12CF880EEFBDB9282AD73EB67FA
| 2006-12-01 15:03:47,168 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=accept=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
| 2006-12-01 15:03:47,168 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=accept-language=en-us
| 2006-12-01 15:03:47,168 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=ua-cpu=x86
| 2006-12-01 15:03:47,168 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=accept-encoding=gzip, deflate
| 2006-12-01 15:03:47,168 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=user-agent=Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; InfoPath.1; .NET CLR 2.0.50727)
| 2006-12-01 15:03:47,169 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]]

[jboss-user] [Security JAAS/JBoss] - Re: Programmatic Login Advice
Hi,

OK, we have a little progress, but there is still a problem. I changed the <c:redirect url="/homePage.do"/> to a <jsp:forward page="/homePage.do" /> and now it does go from test.jsp to the user's homepage within my webapp. Also, things such as the user's account balance etc. along with various other beans I am putting into the user's session all seem to be there, so it does seem to be doing at least some part of the login correctly.

However, ALL of the images on the user's homepage do not come through, they are just placeholders. Also, and perhaps a little stranger given the fact that at least some portion of the login process seems to have worked, when you click on a link from the homepage, say /Account.do?action=view, it again takes me straight back to the login page. There must be some information that is somehow not making it through to all parts of the webapp as some things are working and others are not.

Any ideas?

Regards, Paul.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3990466#3990466