Hello Forum,

seam 1.1.6.GA
jboss-4.0.5.GA
ajax4jsf-1.0.6
Facelets

I am trying out the new seam security. I want to use the JAAS security as described in sec. 12.2.5.1 of the ref manual. I would like to know if there is a working example anywhere I could look at.

What I have tried is: We have our own policy & I have set the jaas-config-name accordingly. Note that I saw the bug report about the documentation and am using "jaas-config-name" instead of "jaasConfigName".

In my components.xml I have the following:

    <security:identity jaas-config-name="centina"/>

My login action authenticates like so:

    ....
    identity.setUsername(j_username);
    identity.setPassword(j_password);
    log.debug( "LoginAction: Identity Login result " + identity.login() ) ;
    ....

I removed the login-config and security-constraint tags from my web.xml. My web.xml now contains no JAAS security stuff in it.

When I give it a try, I find that the initial authentication works, calling our authenticator as expected, & the identity.login() returns "success". But the next call I make fails (see exception, below). This seems to be due to the authentication principal not being saved anywhere? The stack trace shows a re-authentication attempt.

I looked at the source for JBossSecurityMgrRealm etc., to see how "they did it" and noticed the following is executed if the authentication passes: ( line 494 )

    ...
    SecurityAssociationActions.setPrincipalInfo(principal, certs,subject);
    ...

The Seam Identity object does not do this (explicitly anyway) as far as I can tell. I tried to call SecurityAssociationActions.setPrincipalInfo() myself after my authentication, in my login action, but can't do so as the class is not public. I suppose that this really means I shouldn't try to do it this way :)

I get the following failure. This exception is thrown because the username passed in is null. The username is normally set by UsernamePasswordLoginModule.getUsernameAndPassword() via callback functions.
Anyway, my exception is:

    javax.security.auth.login.LoginException: No username specified
    at centina.sa.server.security.SecurityManagerLoginModule.createIdentity(SecurityManagerLoginModule.java:59)
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:194)
    at centina.sa.server.security.SecurityManagerLoginModule.login(SecurityManagerLoginModule.java:126)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
    at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
    at org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:123)
    at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:66)
    at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:102)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:211)
    at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:79)
    at $Proxy1105.getUser(Unknown Source)
    .....

Here is the Thread.dumpStack() of the successful authentication by the Identity.login() method:

    java.lang.Exception: Stack trace
    at java.lang.Thread.dumpStack(Thread.java:1158)
    at centina.sa.server.security.SecurityManager.completeLogin(SecurityManager.java:507)
    at centina.sa.server.security.SecurityManagerLoginModule.commit(SecurityManagerLoginModule.java:180)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:580)
    at org.jboss.seam.security.Identity.authenticate(Identity.java:206)
    at org.jboss.seam.security.Identity.authenticate(Identity.java:199)
    at org.jboss.seam.security.Identity.login(Identity.java:184)
    at centina.sa.client.session.LoginAction.login(LoginAction.java:158)
    .....

Any ideas (esp. an example) would be much appreciated.
Thanks,
PdP

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4024493#4024493
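The callback mechanism the post refers to, as an added example that is not part of the original post and is not Seam, JBoss or the poster's code: a JAAS login module receives the username only through its CallbackHandler, so a login driven by a caller that holds no principal fails with "No username specified" even though an earlier login succeeded. All names here (JaasCallbackDemo, DemoLoginModule, handlerFor, attempt) and the sample credentials are hypothetical; it uses only the standard javax.security.auth API and needs Java 9 or later.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class JaasCallbackDemo {
    // Hypothetical stand-in for a custom login module: the username reaches it only via callbacks.
    public static class DemoLoginModule implements LoginModule {
        private CallbackHandler handler;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            handler = h;
        }
        public boolean login() throws LoginException {
            NameCallback name = new NameCallback("username");
            try {
                handler.handle(new Callback[] { name, new PasswordCallback("password", false) });
            } catch (Exception e) { throw new LoginException("Callback failed: " + e); }
            if (name.getName() == null) throw new LoginException("No username specified");
            return true; // password check omitted; the demo is about where the name comes from
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    // A null user models a caller that has no principal to hand to the login module.
    static CallbackHandler handlerFor(String user, char[] pass) {
        return callbacks -> {
            for (Callback c : callbacks) {
                if (c instanceof NameCallback) { if (user != null) ((NameCallback) c).setName(user); }
                else if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword(pass);
                else throw new UnsupportedCallbackException(c);
            }
        };
    }
    // Runs one JAAS login and reports the outcome as a string.
    static String attempt(String user, char[] pass) {
        Configuration cfg = new Configuration() { // in-memory config, so no JAAS config file is needed
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
            }
        };
        try {
            new LoginContext("demo", new Subject(), handlerFor(user, pass), cfg).login();
            return "success";
        } catch (LoginException e) { return "failed: " + e.getMessage(); }
    }
    public static void main(String[] args) {
        System.out.println(attempt("alice", "constructed-pw".toCharArray())); // constructed credentials
        System.out.println(attempt(null, null)); // second login with nothing propagated to the handler
    }
}
```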
