Marcel Rovira [https://community.jboss.org/people/marcel.rovira] created the discussion
"Custom principal is not propagated to ejb session context (resteasy3 + oauth)"

To view the discussion, visit: https://community.jboss.org/message/826545#826545

--------------------------------------------------------------

Hello,

I'm using resteasy 3.0.1 Final with oauth in JBoss 6.1 EAP and my custom principal class is not propagated to sessioncontext in an EJB3. Oauth is configured as BearerTokenAuthenticator

My login-module configuration in standalone.xml to use extended login module

    <login-module code="es.gc.epsilon.secure.api.shared.resources.MyDatabaseServerLoginModule" flag="required">
        <module-option name="dsJndiName" value="java:jboss/datasources/EpsilonXADS"/>
        <module-option name="principalsQuery" value="select PASSWORD from EP_USER where name=?"/>
        <module-option name="rolesQuery" value="select ROLE_NAME, 'Roles' from EP_USER_ROLE where USER_NAME = ?"/>
        <module-option name="hashAlgorithm" value="MD5"/>
        <module-option name="hashEncoding" value="base64"/>
        <module-option name="unauthenticatedIdentity" value="guest"/>
    </login-module>

My DatabaseServerLoginModule:

    public class MyDatabaseServerLoginModule extends DatabaseServerLoginModule {

        @Override
        protected java.security.Principal createIdentity(String username) throws Exception {
            System.out.println("createIdentity BEGIN");
            MyCustomPrincipal p = null;
            if (principalClassName == null) {
                p = new MyCustomPrincipal(username);
            } else {
                p = (MyCustomPrincipal) super.createIdentity(username);
            }
            return p;
        }
        ...

My custom principal

    public class MyCustomPrincipal extends SimplePrincipal implements Serializable {

        private static final long serialVersionUID = 1L;
        private String tenant;

        public MyCustomPrincipal(String name) {
            super(name);
            // TODO Auto-generated constructor stub
        }
        ...

My oauth server configuration:

*jboss-web.xml*

    <jboss-web>
        <security-domain>java:/jaas/jaasEpsilon</security-domain>
        <valve>
            <class-name>org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve</class-name>
        </valve>
    </jboss-web>

My api rest configuration project:

*web.xml*

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>jaasEpsilon</realm-name>
    </login-config>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>All resources</web-resource-name>
            <description>Protects all resources</description>
            <url-pattern>/api/secure/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
            <role-name>employee</role-name>
        </auth-constraint>
    </security-constraint>
    <context-param>
        <param-name>resteasy.role.based.security</param-name>
        <param-value>true</param-value>
    </context-param>

*jboss-deployment-structure*

    <jboss-deployment-structure>
        <deployment>
            <dependencies>
                <module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/>
                <module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
                <module name="org.jboss.resteasy.skeleton-key"/>
            </dependencies>
        </deployment>
    </jboss-deployment-structure>

*jboss-web.xml*

    <jboss-web>
        <valve>
            <class-name>org.jboss.resteasy.skeleton.key.as7.BearerTokenAuthenticatorValve</class-name>
        </valve>
    </jboss-web>

From an EJB I extract principal info as

    @Resource(name = "sessionContext")
    private SessionContext sctx;
    ...
    Principal principal = sctx.getCallerPrincipal();
    if (!(principal instanceof MyCustomPrincipal)) {
        System.out.println("I expected a " + MyCustomPrincipal.class.getName()
                + " but got a " + principal.getClass().getName() + " instead !!!!!!");

and the result is:

    I expected a es.gc.epsilon.secure.api.shared.resources.MyCustomPrincipal but got a org.jboss.resteasy.skeleton.key.SkeletonKeyPrincipal instead

Is this a bug, is there another way to retrieve the caller principal, is there any wrong configuration?

Thanks.