Hi!

I'm using JBoss + Customized JAAS Module. I tried twice, once extending 
LoginModule directly and then AbstractServerLoginModule. In both cases I have 
my modules running. They initialize, login and commit. 

But when I access a protected URI my application always fails with an
unauthorized error although I have loaded all user roles needed.

My login should allow access to any user of role "Teste". Check the code
below, it's part of my LoginModule class, it is extending
AbstractServerLoginModule:

    /**
     * @see javax.security.auth.spi.LoginModule#login()
     */
    public boolean login() throws LoginException {
        System.out.println("Login do Modulo TestLoginModule.");

        char[] password = null;

        Callback[] callbacks = new Callback[2];
        callbacks[0] = new NameCallback("Usuário: ");
        callbacks[1] = new PasswordCallback("Senha: ", false);

        try {
            callbackHandler.handle(callbacks);
            this.username = ((NameCallback)callbacks[0]).getName();
            char[] tmpPassword = ((PasswordCallback)callbacks[1]).getPassword();
            if (tmpPassword == null) {
                // treat a NULL password as an empty password
                tmpPassword = new char[0];
            }
            password = new char[tmpPassword.length];
            System.arraycopy(tmpPassword, 0,
                        password, 0, tmpPassword.length);
            ((PasswordCallback)callbacks[1]).clearPassword();
        } catch (java.io.IOException ioe) {
            throw new LoginException(ioe.toString());
        } catch (UnsupportedCallbackException uce) {
            throw new LoginException("Erro: " + uce.getCallback().toString() +
                " nao foi possivel obter as informacoes do usuario.");
        }

        System.out.println("Username = "+ this.username);
        System.out.println("Password = "+ new String(password));

        try {
            this.principal  = super.createIdentity(username);
        } catch (Exception e) {
            System.out.println("Erro ao criar principal para o usuario: "+ username);
            System.out.println("Mensagem : "+ e.getMessage());
            return false;
        }

        return true;
    }

    /**
     * @see javax.security.auth.spi.LoginModule#commit()
     */
    public boolean commit() throws LoginException {
        System.out.println("Commit.");
        if (this.principal == null){
            return false;
        }

        super.subject.getPrincipals().add(this.principal);
        Principal teste = new Teste("Teste");
        super.subject.getPrincipals().add(teste);

        this.roleSets = new Group[2];
        this.roleSets[0] = super.createGroup("Roles",super.subject.getPrincipals());
        this.roleSets[1] = super.createGroup("CallerPrincipal",super.subject.getPrincipals());

        return true;
    }

    /**
     * @see org.jboss.security.auth.spi.AbstractServerLoginModule#getIdentity()
     */
    protected Principal getIdentity() {
        return this.principal;
    }

    /**
     * @see org.jboss.security.auth.spi.AbstractServerLoginModule#getRoleSets()
     */
    protected Group[] getRoleSets() throws LoginException {
        return this.roleSets;
    }


I have only one security role called "Teste" in my deploy descriptor and a 
security constraint allowing access only for users of "Teste" role for my 
application. Since "Teste" role is loaded for all users, everybody should have 
access. 

Did I miss something? What's wrong? Why HTTP status 403 - Access Denied?

Thanks in advance !
Michel.

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3885344#3885344
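
Added example, not part of the original post and not JBoss code: JBossSX takes a caller's role names from the members of a group named "Roles" in the Subject's principal set, so this sketch compares that layout with one where "Teste" is only added to the principal set directly. `Named`, `NamedGroup`, `rolesOf` and the user name are constructed stand-ins, not the JBoss principal and group classes.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import java.util.TreeSet;
import javax.security.auth.Subject;

public class RolesGroupCheck {
    /** Constructed stand-in for a simple named principal. */
    static class Named implements Principal {
        private final String name;
        Named(String name) { this.name = name; }
        public String getName() { return name; }
    }

    /** Constructed stand-in for java.security.acl.Group: a principal with members. */
    static class NamedGroup extends Named {
        final Set<Principal> members = new HashSet<>();
        NamedGroup(String name) { super(name); }
    }

    /** Collects role names only from members of the group named "Roles". */
    static Set<String> rolesOf(Subject subject) {
        Set<String> roles = new TreeSet<>();
        for (NamedGroup g : subject.getPrincipals(NamedGroup.class)) {
            if ("Roles".equals(g.getName())) {
                for (Principal p : g.members) roles.add(p.getName());
            }
        }
        return roles;
    }

    public static void main(String[] args) {
        // Layout as far as the posted commit() shows: "Teste" is added directly
        // to the principal set and nothing is added as a member of "Roles".
        Subject posted = new Subject();
        posted.getPrincipals().add(new Named("michel"));   // constructed user name
        posted.getPrincipals().add(new Named("Teste"));
        posted.getPrincipals().add(new NamedGroup("Roles"));

        // Layout with the role principal as a member of the "Roles" group.
        Subject expected = new Subject();
        expected.getPrincipals().add(new Named("michel"));
        NamedGroup roles = new NamedGroup("Roles");
        roles.members.add(new Named("Teste"));
        expected.getPrincipals().add(roles);

        System.out.println("posted   roles = " + rolesOf(posted));
        System.out.println("expected roles = " + rolesOf(expected));
    }
}
```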
