Posted to user@struts.apache.org by Mark Benussi <ma...@hotmail.com> on 2005/08/08 20:24:40 UTC

My first JAAS implementation. A few questions.

I am implementing my first JAAS implementation and have some
problems/questions.

Firstly my commit method of my LoginModule does the following (User and Role
both implement Principal)

// Create a new User Principal with the user name retrieved from the NameCallback
User user = new User(username);
// Add the principal to the subject
subject.getPrincipals().add(user);

for (int i = 0; i < roles.length; i++) {
    // Iterate the role names retrieved from the database lookup
    String roleName = roles[i];
    // Create a new Role Principal with the role name
    Role role = new Role(roleName);
    // Add it to the public credentials to see if it works
    subject.getPublicCredentials().add(role);
    // Add it to the private credentials to see if it works
    subject.getPrivateCredentials().add(role);
}
return true;

In the JSP that the application returns to after doing form based
authentication the following occurs

<p>Subject = <%= Subject.getSubject(AccessController.getContext()) %></p>
<p>Remote User = <%= request.getRemoteUser() %></p>
<p>User Prinicipal = <%= request.getUserPrincipal() %></p>

But this produces

Subject = null
Remote User = administrator
User Prinicipal = GenericPrincipal[administrator()]

Why is the subject null please?

The request.isUserInRole() methods for the role names I added to the subject
also return false... has anyone got some helpful ideas please?

If more source is needed I can gladly provide it if it will help.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Re: My first JAAS implementation. A few questions.

Posted by shahab <sm...@pershing.com>.
Hi:

I have a similar issue. Would you know if we need to save the Subject in
HttpSession?

Otherwise, how would the context get the Subject as follows - 
<p>Subject = <%= Subject.getSubject(AccessController.getContext()) %></p>

thanx
Shahab



-- 
View this message in context: http://www.nabble.com/My-first-JAAS-implementation.-A-few-questions.-tf207803.html#a10183578
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


RE: My first JAAS implementation. A few questions.

Posted by Mark Benussi <ma...@hotmail.com>.
And I fixed the problem.

User user = new User(username);
Set subjectPrincipals = subject.getPrincipals();
subjectPrincipals.add(user);

for (int i = 0; i < roles.length; i++) {
	String roleName = roles[i];
	subjectPrincipals.add(new Role(roleName));
}
return true;

Is how it should have looked.

-----Original Message-----
From: Adam Hardy [mailto:ahardy.struts@cyberspaceroad.com] 
Sent: 08 August 2005 19:57
To: Struts Users Mailing List
Subject: Re: My first JAAS implementation. A few questions.

Hi Mark,

this wasn't really Struts but here goes anyway since I happen to know.

If you are using container-managed security in tomcat, then you should 
be aware that tomcat has not implemented a pathway between JAAS and the 
session which provides any more than the transfer of the username and 
the roles.

Whatever else you put in your principal is discarded.

I am not sure why you are losing your roles as well. I have completely 
different code for a JBoss implementation.




Re: My first JAAS implementation. A few questions.

Posted by Mark Benussi <ma...@hotmail.com>.
Oh I see so if I added other properties to my Principal like their proper 
name I would lose that. Understood but not a problem as I have a session 
class for that kind of detail.

Thanks for your info though.... much appreciated.

----Original Message Follows----
From: Adam Hardy <ah...@cyberspaceroad.com>
Reply-To: "Struts Users Mailing List" <us...@struts.apache.org>
To: Struts Users Mailing List <us...@struts.apache.org>
Subject: Re: My first JAAS implementation. A few questions.
Date: Mon, 08 Aug 2005 19:57:12 +0100

Hi Mark,

this wasn't really Struts but here goes anyway since I happen to know.

If you are using container-managed security in tomcat, then you should be 
aware that tomcat has not implemented a pathway between JAAS and the session 
which provides any more than the transfer of the username and the roles.

Whatever else you put in your principal is discarded.

I am not sure why you are losing your roles as well. I have completely 
different code for a JBoss implementation.


Mark Benussi on 08/08/05 19:24, wrote:
>I am implementing my first JAAS implementation and have some
>problems/questions.
>
>Firstly my commit method of my LoginModule does the following (User and 
>Role
>both implement Principal)
>
>// Create a new User Principal with the user name retrieved from the
>NameCallback
>User user = new User(username);
>// Add the principal to the subject
>subject.getPrincipals().add(user);
>
>for (int i = 0; i < roles.length; i++) {
>	// Iterate the role names retrieved from the database lookup
>        String roleName = roles[i];
>        // Create a new Role Principal with the role name
>	Role role = new Role(roleName);
>	// Add it to the public credentials to see if it works
>	subject.getPublicCredentials().add(role);
>	// Add it to the private credentials to see if it works
>	subject.getPrivateCredentials().add(role);
>}
>return true;
>
>In the JSP that the application returns to after doing form based
>authentication the following occurs
>
><p>Subject = <%= Subject.getSubject(AccessController.getContext()) %></p>
><p>Remote User = <%= request.getRemoteUser() %></p>
><p>User Prinicipal = <%= request.getUserPrincipal() %></p>
>
>But this produces
>
>Subject = null
>Remote User = administrator
>User Prinicipal = GenericPrincipal[administrator()]
>Why is the subject null please?
>
>The request.isUserInRole() methods for the role names I added to the 
>subject
>also return false... has anyone got some helpful ideas please?
>
>If more source is needed I can gladly provide it if will help
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Re: My first JAAS implementation. A few questions.

Posted by Adam Hardy <ah...@cyberspaceroad.com>.
Hi Mark,

this wasn't really Struts but here goes anyway since I happen to know.

If you are using container-managed security in tomcat, then you should 
be aware that tomcat has not implemented a pathway between JAAS and the 
session which provides any more than the transfer of the username and 
the roles.

Whatever else you put in your principal is discarded.

I am not sure why you are losing your roles as well. I have completely 
different code for a JBoss implementation.




---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
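
The two commit() variants from this thread side by side, as an added example that is not code from any of the posters: it shows why roles stored as credentials never reach isUserInRole() while roles stored as principals do. The User and Role records, the commit() helper and rolesSeenByContainer() are hypothetical stand-ins (the last one a simplified model of a container realm that reads only subject.getPrincipals()); the role names are constructed sample data, and Java 16 or later is assumed.

```java
import java.security.Principal;
import java.util.Set;
import java.util.TreeSet;
import javax.security.auth.Subject;

public class RoleMappingDemo {
    // Hypothetical stand-ins for the thread's User and Role classes.
    // Records supply equals/hashCode, which the Subject's principal Set relies on.
    record User(String name) implements Principal {
        public String getName() { return name; }
    }
    record Role(String name) implements Principal {
        public String getName() { return name; }
    }

    // Simplified model (assumption) of a container realm: it looks only at the
    // Subject's principals and picks out the ones of the role class.
    // Public and private credentials are never consulted.
    static Set<String> rolesSeenByContainer(Subject subject) {
        Set<String> roles = new TreeSet<>();
        for (Role r : subject.getPrincipals(Role.class)) {
            roles.add(r.getName());
        }
        return roles;
    }

    // Mirrors the body of LoginModule.commit() in both forms posted in the thread.
    static Subject commit(String username, String[] roles, boolean asPrincipals) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new User(username));
        for (String roleName : roles) {
            Role role = new Role(roleName);
            if (asPrincipals) {
                subject.getPrincipals().add(role);          // corrected version
            } else {
                subject.getPublicCredentials().add(role);   // original version
                subject.getPrivateCredentials().add(role);
            }
        }
        return subject;
    }

    public static void main(String[] args) {
        String[] roles = {"admin", "auditor"};  // constructed sample data
        System.out.println("roles as credentials -> "
                + rolesSeenByContainer(commit("administrator", roles, false)));
        System.out.println("roles as principals  -> "
                + rolesSeenByContainer(commit("administrator", roles, true)));
    }
}
```

Tomcat's JAASRealm decides which Principal classes count as users and which as roles from its userClassNames and roleClassNames attributes; the class filter above stands in for that lookup.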