I found my login-config.xml. Suddenly I fear that I had this working in JBoss but not stand-alone Tomcat, but yet I *know* I was calling isUserInRole. At the same time, I remember the propagation problem between Tomcat and JBoss, and this config is definitely for JBoss. But isUserInRole would definitely be a Tomcat thing . . . Damn!

    <application-policy name="mysqldb">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                <module-option name="unauthenticatedIdentity">anybody</module-option>
                <module-option name="dsJndiName">java:/MySQLDB</module-option>
                <module-option name="principalsQuery">SELECT password FROM auth_user WHERE username = ?</module-option>
                <module-option name="rolesQuery">SELECT group_name, 'Roles' FROM auth_group, auth_user_group, auth_user WHERE auth_group.group_id = auth_user_group.group_id AND auth_user_group.user_id = auth_user.user_id AND auth_user.username = ?</module-option>
            </login-module>
        </authentication>
    </application-policy>

Erik

-----Original Message-----
From: [EMAIL PROTECTED]
Sent: Aug 9, 2005 4:08 PM
To: Struts Users Mailing List <user@struts.apache.org>
Subject: Re: Last question on JAAS I promise

Mark, when I did this, I had isUserInRole working correctly. I remember that the problem was, I could either "log in with Tomcat" or "log in with JBoss", but there was no propagation between the two. At that point I put it on hold. Also, if the archives go back far enough, I remember a long thread about this . . . a little more than a year ago probably . . .

Here is a code slice. This may not help but I wanted to be thorough for the sake of the archives.

    import java.io.IOException;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.NameCallback;
    import javax.security.auth.callback.PasswordCallback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;

    public class AuthCallbackHandler implements CallbackHandler {
        protected String username;
        protected String password;

        public AuthCallbackHandler(String username, String password) {
            this.username = username;
            this.password = password;
        }

        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            if (callbacks == null || username == null || password == null)
                return; // throw Exception?
            int n = callbacks.length;
            for (int x = 0; x < n; x++) {
                if (callbacks[x] instanceof NameCallback)
                    ((NameCallback) callbacks[x]).setName(username);
                else if (callbacks[x] instanceof PasswordCallback)
                    ((PasswordCallback) callbacks[x]).setPassword(password.toCharArray());
                else
                    throw new UnsupportedCallbackException(callbacks[x], "Callback type not supported");
            }
        }
    }

    . . . (Action class)

    import javax.security.auth.login.LoginContext;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.Subject;

    . . . (execute method)

    LoginForm loginForm = (LoginForm) form;
    CallbackHandler handler = new AuthCallbackHandler(loginForm.getUsername(), loginForm.getPassword());
    try {
        LoginContext context = new LoginContext("mysqldb", handler);
        context.login();
        Subject subject = context.getSubject();
    }
    . . .

I'm betting you are past all this, but since the code above did work at some point (at least my comments say it did -- and I remember testing isUserInRole and it worked) -- perhaps the problem is in the login module itself? Trying to remember, wasn't that something configured with SQL statements and not implemented from scratch? Or are you saying the methods work in your LoginAction but don't work once you're into another action?
If that's the case, I'm not sure if I went that far when I tried this . . . Sorry, I wish I would have left better notes about it.

Erik

-----Original Message-----
From: Mark Benussi <[EMAIL PROTECTED]>
Sent: Aug 9, 2005 3:39 AM
To: 'Struts Users Mailing List' <user@struts.apache.org>, 'Tomcat Users List' <tomcat-user@jakarta.apache.org>
Subject: Last question on JAAS I promise

OK I got JAAS working with form authentication. That worked a treat (After a bit of head banging).

I then moved to invoking the login from Struts (Or a Servlet for Tomcat users who don't use Struts)

The code still gets invoked correctly.

    IBTJAASCallbackHandler callbackHandler = new IBTJAASCallbackHandler(loginForm.getUserName(), loginForm.getPassword());
    LoginContext context = new LoginContext("IBTJAAS", callbackHandler);
    context.login();

However the request.remoteUser() is now null (Was populated correctly when I used form authentication) and the same for request.isUserInRole() (It returns false, even though the Principal was added to the subject).

Any ideas...?

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]