[JBoss-user] [Security & JAAS/JBoss] - Problems with JAAS

Fri, 10 Feb 2006 12:46:03 -0800 

I setup a DatabaseServerLoginModule with a config that looks like this:


  | <policy>
  | 
  |     <application-policy name = "JawJaasDbRealm">
  |       <authentication>
  |           <login-module code = 
"org.jboss.security.auth.spi.DatabaseServerLoginModule"
  |              flag = "required">
  |              <module-option 
name="unauthenticatedIdentity">guest</module-option>
  |              <module-option 
name="password-stacking">useFirstPass</module-option>
  |              <module-option 
name="dsJndiName">java:/JBossAtWorkDS</module-option>
  |              <module-option name="principalsQuery">SELECT PASSWORD FROM 
USER WHERE NAME=?</module-option>
  |              <module-option name="rolesQuery">SELECT ROLE.NAME, 'Roles' 
FROM ROLE, USER_ROLE, USER WHERE USER.NAME=? AND USER.ID=USER_ROLE.USER_ID AND 
ROLE.ID = USER_ROLE.USER_ID</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>  
  |     
  | </policy>
  | 

Now when I try to use my ejb from a remote client without authenticating...  i 
get an error about principal=null

But...  if I execute the following code in the remote member...

  |             System.out.println("Principal: '" + 
this.sessionCtx.getCallerPrincipal().getName() + "'");
  |             
  |             if(this.sessionCtx.isCallerInRole("guest"))
  |             {
  |                     System.out.println("Caller is in role 'guest'");
  |             }
  |             else
  |             {
  |                     System.out.println("Caller is NOT in role 'guest'");
  |             }
  | 

 i get the following output...



  | 15:33:57,320 INFO  [STDOUT] Principal: 'guest'
  | 15:33:57,320 INFO  [STDOUT] Caller is NOT in role 'guest'
  | 

Why is the role not "guest"?

And because of this...  I can't execute any remote methods that require role 
guest. 

Any help would be greatly appreciated. I am a J2EE newb so please be gentle.

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3923002#3923002

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3923002


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to