You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Mark Benussi <ma...@hotmail.com> on 2005/08/08 20:24:40 UTC
My first JAAS implementation. A few questions.
I am implementing my first JAAS implementation and have some
problems/questions.
Firstly my commit method of my LoginModule does the following (User and Role
both implement Principal)
// Create a new User Principal with the user name retrieved from the
NameCallback
User user = new User(username);
// Add the principal to the subject
subject.getPrincipals().add(user);
for (int i = 0; i < roles.length; i++) {
// Iterate the role names retrieved from the database lookup
String roleName = roles[i];
// Create a new Role Principal with the role name
Role role = new Role(roleName);
// Add it to the public credentials to see if it works
subject.getPublicCredentials().add(role);
// Add it to the private credentials to see if it works
subject.getPrivateCredentials().add(role);
}
return true;
In the JSP that the application returns to after doing form based
authentication the following occurs
<p>Subject = <%= Subject.getSubject(AccessController.getContext()) %></p>
<p>Remote User = <%= request.getRemoteUser() %></p>
<p>User Prinicipal = <%= request.getUserPrincipal() %></p>
But this produces
Subject = null
Remote User = administrator
User Prinicipal = GenericPrincipal[administrator()]
Why is the subject null please?
The request.isUserInRole() methods for the role names I added to the subject
also return false... has anyone got some helpful ideas please?
If more source is needed I can gladly provide it if will help
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: My first JAAS implementation. A few questions.
Posted by shahab <sm...@pershing.com>.
Hi:
I have similar issue. Would you know if we need to save trhe Subject in
HttpSession?
Otherwise, how would the context get the Subject as follows -
<p>Subject = <%= Subject.getSubject(AccessController.getContext()) %></p>
thanx
Shahab
Mark Benussi wrote:
>
> I am implementing my first JAAS implementation and have some
> problems/questions.
>
> Firstly my commit method of my LoginModule does the following (User and
> Role
> both implement Principal)
>
> // Create a new User Principal with the user name retrieved from the
> NameCallback
> User user = new User(username);
> // Add the principal to the subject
> subject.getPrincipals().add(user);
>
> for (int i = 0; i < roles.length; i++) {
> // Iterate the role names retrieved from the database lookup
> String roleName = roles[i];
> // Create a new Role Principal with the role name
> Role role = new Role(roleName);
> // Add it to the public credentials to see if it works
> subject.getPublicCredentials().add(role);
> // Add it to the private credentials to see if it works
> subject.getPrivateCredentials().add(role);
> }
> return true;
>
> In the JSP that the application returns to after doing form based
> authentication the following occurs
>
> <p>Subject = <%= Subject.getSubject(AccessController.getContext()) %></p>
> <p>Remote User = <%= request.getRemoteUser() %></p>
> <p>User Prinicipal = <%= request.getUserPrincipal() %></p>
>
> But this produces
>
> Subject = null
> Remote User = administrator
> User Prinicipal = GenericPrincipal[administrator()]
> Why is the subject null please?
>
> The request.isUserInRole() methods for the role names I added to the
> subject
> also return false... has anyone got some helpful ideas please?
>
> If more source is needed I can gladly provide it if will help
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/My-first-JAAS-implementation.-A-few-questions.-tf207803.html#a10183578
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: My first JAAS implementation. A few questions.
Posted by Mark Benussi <ma...@hotmail.com>.
And I fixed the problem.
User user = new User(username);
Set subjectPrincipals = subject.getPrincipals();
subjectPrincipals.add(user);
for (int i = 0; i < roles.length; i++) {
String roleName = roles[i];
subjectPrincipals.add(new Role(roleName));
}
return true;
Is how it should have looked.
-----Original Message-----
From: Adam Hardy [mailto:ahardy.struts@cyberspaceroad.com]
Sent: 08 August 2005 19:57
To: Struts Users Mailing List
Subject: Re: My first JAAS implementation. A few questions.
Hi Mark,
this wasn't really Struts but here goes anyway since I happen to know.
If you are using container-managed security in tomcat, then you should
be aware that tomcat has not implemented a pathway between JAAS and the
session which provides any more than the transfer of the username and
the roles.
Whatever else you put in your principal is discarded.
I am not sure why you are losing your roles as well. I have completely
different code for a JBoss implementation.
Mark Benussi on 08/08/05 19:24, wrote:
> I am implementing my first JAAS implementation and have some
> problems/questions.
>
> Firstly my commit method of my LoginModule does the following (User and
Role
> both implement Principal)
>
> // Create a new User Principal with the user name retrieved from the
> NameCallback
> User user = new User(username);
> // Add the principal to the subject
> subject.getPrincipals().add(user);
>
> for (int i = 0; i < roles.length; i++) {
> // Iterate the role names retrieved from the database lookup
> String roleName = roles[i];
> // Create a new Role Principal with the role name
> Role role = new Role(roleName);
> // Add it to the public credentials to see if it works
> subject.getPublicCredentials().add(role);
> // Add it to the private credentials to see if it works
> subject.getPrivateCredentials().add(role);
> }
> return true;
>
> In the JSP that the application returns to after doing form based
> authentication the following occurs
>
> <p>Subject = <%= Subject.getSubject(AccessController.getContext()) %></p>
> <p>Remote User = <%= request.getRemoteUser() %></p>
> <p>User Prinicipal = <%= request.getUserPrincipal() %></p>
>
> But this produces
>
> Subject = null
> Remote User = administrator
> User Prinicipal = GenericPrincipal[administrator()]
> Why is the subject null please?
>
> The request.isUserInRole() methods for the role names I added to the
subject
> also return false... has anyone got some helpful ideas please?
>
> If more source is needed I can gladly provide it if will help
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: My first JAAS implementation. A few questions.
Posted by Mark Benussi <ma...@hotmail.com>.
Oh I see so if I added other properties to my Principal like their proper
name I would loose that. Understood but not a problem as I have a session
class for that kind of detail.
Thanks for your info though.... much appreciated.
----Original Message Follows----
From: Adam Hardy <ah...@cyberspaceroad.com>
Reply-To: "Struts Users Mailing List" <us...@struts.apache.org>
To: Struts Users Mailing List <us...@struts.apache.org>
Subject: Re: My first JAAS implementation. A few questions.
Date: Mon, 08 Aug 2005 19:57:12 +0100
Hi Mark,
this wasn't really Struts but here goes anyway since I happen to know.
If you are using container-managed security in tomcat, then you should be
aware that tomcat has not implemented a pathway between JAAS and the session
which provides any more than the transfer of the username and the roles.
Whatever else you put in your principal is discarded.
I am not sure why you are losing your roles as well. I have completely
different code for a JBoss implementation.
Mark Benussi on 08/08/05 19:24, wrote:
>I am implementing my first JAAS implementation and have some
>problems/questions.
>
>Firstly my commit method of my LoginModule does the following (User and
>Role
>both implement Principal)
>
>// Create a new User Principal with the user name retrieved from the
>NameCallback
>User user = new User(username);
>// Add the principal to the subject
>subject.getPrincipals().add(user);
>
>for (int i = 0; i < roles.length; i++) {
> // Iterate the role names retrieved from the database lookup
> String roleName = roles[i];
> // Create a new Role Principal with the role name
> Role role = new Role(roleName);
> // Add it to the public credentials to see if it works
> subject.getPublicCredentials().add(role);
> // Add it to the private credentials to see if it works
> subject.getPrivateCredentials().add(role);
>}
>return true;
>
>In the JSP that the application returns to after doing form based
>authentication the following occurs
>
><p>Subject = <%= Subject.getSubject(AccessController.getContext()) %></p>
><p>Remote User = <%= request.getRemoteUser() %></p>
><p>User Prinicipal = <%= request.getUserPrincipal() %></p>
>
>But this produces
>
>Subject = null
>Remote User = administrator
>User Prinicipal = GenericPrincipal[administrator()]
>Why is the subject null please?
>
>The request.isUserInRole() methods for the role names I added to the
>subject
>also return false... has anyone got some helpful ideas please?
>
>If more source is needed I can gladly provide it if will help
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: My first JAAS implementation. A few questions.
Posted by Adam Hardy <ah...@cyberspaceroad.com>.
Hi Mark,
this wasn't really Struts but here goes anyway since I happen to know.
If you are using container-managed security in tomcat, then you should
be aware that tomcat has not implemented a pathway between JAAS and the
session which provides any more than the transfer of the username and
the roles.
Whatever else you put in your principal is discarded.
I am not sure why you are losing your roles as well. I have completely
different code for a JBoss implementation.
Mark Benussi on 08/08/05 19:24, wrote:
> I am implementing my first JAAS implementation and have some
> problems/questions.
>
> Firstly my commit method of my LoginModule does the following (User and Role
> both implement Principal)
>
> // Create a new User Principal with the user name retrieved from the
> NameCallback
> User user = new User(username);
> // Add the principal to the subject
> subject.getPrincipals().add(user);
>
> for (int i = 0; i < roles.length; i++) {
> // Iterate the role names retrieved from the database lookup
> String roleName = roles[i];
> // Create a new Role Principal with the role name
> Role role = new Role(roleName);
> // Add it to the public credentials to see if it works
> subject.getPublicCredentials().add(role);
> // Add it to the private credentials to see if it works
> subject.getPrivateCredentials().add(role);
> }
> return true;
>
> In the JSP that the application returns to after doing form based
> authentication the following occurs
>
> <p>Subject = <%= Subject.getSubject(AccessController.getContext()) %></p>
> <p>Remote User = <%= request.getRemoteUser() %></p>
> <p>User Prinicipal = <%= request.getUserPrincipal() %></p>
>
> But this produces
>
> Subject = null
> Remote User = administrator
> User Prinicipal = GenericPrincipal[administrator()]
> Why is the subject null please?
>
> The request.isUserInRole() methods for the role names I added to the subject
> also return false... has anyone got some helpful ideas please?
>
> If more source is needed I can gladly provide it if will help
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org