I found my login-config.xml. Suddenly I fear that I had this working in JBoss 
but not stand-alone Tomcat, but yet I *know* I was calling isUserInRole. At the 
same time, I remember the propagation problem between Tomcat and JBoss, and 
this config is definitely for JBoss. But isUserInRole would definitely be a 
Tomcat thing . . .  Damn!

<application-policy name="mysqldb">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="unauthenticatedIdentity">anybody</module-option>
      <module-option name="dsJndiName">java:/MySQLDB</module-option>
      <module-option name="principalsQuery">SELECT password FROM auth_user WHERE username = ?</module-option>
      <module-option name="rolesQuery">SELECT group_name, 'Roles' FROM auth_group, auth_user_group, auth_user WHERE auth_group.group_id = auth_user_group.group_id AND auth_user_group.user_id = auth_user.user_id AND auth_user.username = ?</module-option>
    </login-module>
  </authentication>
</application-policy>

Erik


-----Original Message-----
From: [EMAIL PROTECTED]
Sent: Aug 9, 2005 4:08 PM
To: Struts Users Mailing List <user@struts.apache.org>
Subject: Re: Last question on JAAS I promise

Mark, when I did this, I had isUserInRole working correctly. I remember that 
the problem was, I could either "log in with Tomcat" or "log in with JBoss", 
but there was no propagation between the two. At that point I put it on hold.

Also, if the archives go back far enough, I remember a long thread about this . 
. . a little more than a year ago probably . . .

Here is a code slice. This may not help but I wanted to be thorough for the 
sake of the archives.

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

// Hands the username and password collected by the login form to the
// JAAS login module when it asks for them through callbacks.
public class AuthCallbackHandler implements CallbackHandler {

  protected String username;
  protected String password;

  public AuthCallbackHandler(String username, String password) {
    this.username = username;
    this.password = password;
  }

  public void handle(Callback[] callbacks)
      throws IOException, UnsupportedCallbackException {
    // Missing credentials: leave the callbacks unanswered.
    if (callbacks == null || username == null || password == null)
      return; //throw Exception?
    int n = callbacks.length;
    for (int x = 0; x < n; x++) {
      if (callbacks[x] instanceof NameCallback)
        ((NameCallback) callbacks[x]).setName(username);
      else if (callbacks[x] instanceof PasswordCallback)
        ((PasswordCallback) callbacks[x]).setPassword(password.toCharArray());
      else
        throw new UnsupportedCallbackException(callbacks[x],
            "Callback type not supported");
    }
  }

}

. .  .

(Action class)

import javax.security.auth.login.LoginContext;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.Subject;

. . .

(execute method)

LoginForm loginForm = (LoginForm) form;
CallbackHandler handler =
    new AuthCallbackHandler(loginForm.getUsername(), loginForm.getPassword());
try {
  LoginContext context = new LoginContext("mysqldb", handler);
  context.login();
  Subject subject = context.getSubject();
}

. . .

I'm betting you are past all this, but since the code above did work at some 
point (at least my comments say it did -- and I remember testing isUserInRole 
and it worked) -- perhaps the problem is in the login module itself? Trying to 
remember, wasn't that something configured with SQL statements and not 
implemented from scratch?

Or are you saying the methods work in your LoginAction but don't work once 
you're into another action? If that's the case, I'm not sure if I went that far 
when I tried this . . . Sorry, I wish I would have left better notes about it.

Erik




-----Original Message-----
From: Mark Benussi <[EMAIL PROTECTED]>
Sent: Aug 9, 2005 3:39 AM
To: 'Struts Users Mailing List' <user@struts.apache.org>, 
        'Tomcat Users List' <tomcat-user@jakarta.apache.org>
Subject: Last question on JAAS I promise

OK I got JAAS working with form authentication. That worked a treat (After a
bit of head banging).

I then moved to invoking the login from Struts (Or a Servlet for Tomcat
users who don't use Struts)

The code still gets invoked correctly.

IBTJAASCallbackHandler callbackHandler =
    new IBTJAASCallbackHandler(loginForm.getUserName(), loginForm.getPassword());
LoginContext context = new LoginContext("IBTJAAS", callbackHandler);
context.login();

However the request.remoteUser() is now null (Was populated correctly when I
used form authentication) and the same for request.isUserInRole() (It
returns false, even though the Principal was added to the subject).

Any ideas...?

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


