Bruno Santos created the discussion

"Problems with Custom DatabaseServerLoginModule Roles"

OK! My bad... forget about it!

Something rather strange is happening to my custom database login module and 
I'm sure I'm missing something.

I have a class that inherits from DatabaseServerLoginModule. The login method 
is overwritten and in here, the parent login method is always called. If the 
login failed, then the class tries to log in using LDAP. If LDAP succeeds in 
validating the user credentials, then it sets the loginOk flag to true.

Now, if the user is successfully validated against the parent login DB method, 
the getRoleSets method gets called and the roles are returned. If the user fails 
to be validated against the DB but is successfully validated against the LDAP 
server, the same roles are returned, but somehow I'm never able to receive 
them at the other end of the application.

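protected Group[] getRoleSets() throws LoginException {
     String name = getUsername();
     Group[] groups = {new SimpleGroup("Roles")};
     try {
          // Create each role principal and add it to the "Roles" group.
          Principal principal;
          principal = this.createIdentity("ADMIN");
          groups[0].addMember(principal);
          principal = this.createIdentity("USER");
          groups[0].addMember(principal);
     } catch(Exception ee) {
          // Exceptions are swallowed here, so a failure goes unnoticed.
     }
     return groups;
}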

So, basically the difference is that if in the login method the super.login() 
succeeds, then everything ends up working and the necessary credentials are 
received as expected. If it fails I never get the credentials even though the 
loginOk flag is set and the getRoleSets method is called. Through the debugger 
I've noticed that the Identity gets created as expected. Still, I'm missing 

I've looked for the base source code (DatabaseServerLoginModule and up) but I 
could not find it for JBoss AS 6 and I'm stuck right now. I did find older 
versions and from it I could not really understand why this is not working.


--- Update: I just overrode the commit() method in order to find out what 
subject.getPrincipals() gets set with, and it happens that in both cases the 
subject does contain the necessary info to proceed:

public boolean commit() throws LoginException {
     boolean b = super.commit();
     // Returns [admin, Roles(members:ADMIN,USER)] for DB login and
     // [bsantos, Roles(members:ADMIN,USER)] for LDAP login.
     Set<Principal> pList = subject.getPrincipals();
     return b;
}

This confirms that the issue is somewhere in a failed login method.
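
The database-then-LDAP fallback described in the post, as an added sketch that is not the poster's code. It assumes LDAP validation is a JNDI simple bind; the class name, LDAP URL and DN template are hypothetical, and role mapping (getRoleSets) is left out.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.jboss.security.auth.spi.DatabaseServerLoginModule;

public class DbThenLdapLoginModule extends DatabaseServerLoginModule {
    // Assumed values for illustration; in practice read them from the module options.
    private static final String LDAP_URL = "ldaps://ldap.example.org:636";
    private static final String DN_TEMPLATE = "uid=%s,ou=people,dc=example,dc=org";

    @Override
    public boolean login() throws LoginException {
        try {
            if (super.login()) return true;           // database accepted the user
        } catch (FailedLoginException dbFailure) {
            // Database rejected the user; fall through to the LDAP check.
        }
        String[] info = getUsernameAndPassword();     // {username, password}
        if (!ldapBind(info[0], info[1])) {
            throw new FailedLoginException("Login failed"); // both stores rejected the user
        }
        loginOk = true;                               // lets commit() populate the Subject
        return true;
    }

    private boolean ldapBind(String user, String password) {
        // A simple bind with an empty password is an unauthenticated bind that
        // many servers accept, so it must never count as a successful login.
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Escape the user name so it cannot alter the structure of the bind DN.
        env.put(Context.SECURITY_PRINCIPAL, String.format(DN_TEMPLATE, Rdn.escapeValue(user)));
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();       // the bind succeeds or throws
            return true;
        } catch (NamingException e) {
            return false;                             // bad credentials or server unreachable
        }
    }
}
```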
