Please explain this to me.
I encountered an interesting bug which prevents me from further development.
Please help me! I wrote a test page. You can use it to understand the problem:
| <%@ page import="org.jboss.security.SecurityAssociation,
| java.io.PrintWriter,
| javax.security.auth.Subject,
| java.security.PrivilegedExceptionAction,
| java.security.AccessControlContext,
| java.security.AccessController,
| javax.security.auth.login.LoginContext,
| javax.security.auth.login.LoginException,
| java.util.HashMap,
| java.io.IOException,
| javax.security.auth.callback.*"%><html>
| <head>
| <title>
| Security Test
| </title>
| </head>
| <body>
| <%!
| private HashMap map = new HashMap();
| public class MyCallbackHandler implements CallbackHandler
| {
| private String name = null;
| private String password = null;
|
| public MyCallbackHandler(String name, String password)
| {
| this.name = name;
| this.password = password;
| }
|
| public void handle(Callback[] callbacks)
| throws IOException, UnsupportedCallbackException
| {
| for (int i = 0; i < callbacks.length; i++)
| {
| Callback callback = callbacks[i];
| if(callback instanceof PasswordCallback)
| {
| PasswordCallback pc = (PasswordCallback) callback;
| pc.setPassword(password.toCharArray());
| }
| else if(callback instanceof NameCallback)
| {
| NameCallback nc = (NameCallback) callback;
| nc.setName(name);
| }
| }
| }
| }
| public Subject getSubject(String user, String password) throws LoginException
| {
| Subject ret = (Subject) map.get(user);
| if (ret==null)
| {
| LoginContext lc = new LoginContext("!YOURDOMAIN!",new MyCallbackHandler(user,password));
| lc.login();
| ret = lc.getSubject();
| map.put(user,ret);
| }
| return ret;
| }
| %>
| Curent sycurity:<br>
| request.getUserPrincipal() <%=request.getUserPrincipal()%><br>
| SecurityAssociation.getPrincipal() <%=SecurityAssociation.getPrincipal()%><br>
| SecurityAssociation.getPrincipal().getClass() <%=SecurityAssociation.getPrincipal().getClass()%><br>
| SecurityAssociation.getSubject() <%=SecurityAssociation.getSubject()%><br>
| doAs internal:<br>
| <%final JspWriter outWriter = out;
| Subject.doAs(getSubject("guest","guest"),new PrivilegedExceptionAction()
| {
| public Object run() throws Exception
| {
| outWriter.println("SecurityAssociation.getPrincipal() "+SecurityAssociation.getPrincipal()+"<br>");
| outWriter.println("SecurityAssociation.getPrincipal().getClass() "+SecurityAssociation.getPrincipal().getClass()+"<br>");
| outWriter.println("SecurityAssociation.getSubject() "+SecurityAssociation.getSubject()+"<br>");
| return null;
| }
| });
| %>
| Curent sycurity:<br>
| request.getUserPrincipal() <%=request.getUserPrincipal()%><br>
| SecurityAssociation.getPrincipal() <%=SecurityAssociation.getPrincipal()%><br>
| SecurityAssociation.getPrincipal().getClass() <%=SecurityAssociation.getPrincipal().getClass()%><br>
| SecurityAssociation.getSubject() <%=SecurityAssociation.getSubject()%><br>
| doAsPrincipal<br>
| <%
| Subject.doAsPrivileged(getSubject("internal","internal"),new PrivilegedExceptionAction()
| {
| public Object run() throws Exception
| {
| outWriter.println("SecurityAssociation.getPrincipal() "+SecurityAssociation.getPrincipal()+"<br>");
| outWriter.println("SecurityAssociation.getPrincipal().getClass() "+SecurityAssociation.getPrincipal().getClass()+"<br>");
| outWriter.println("SecurityAssociation.getSubject() "+SecurityAssociation.getSubject()+"<br>");
| return null;
| }
| },AccessController.getContext());
| %>
|
| </body>
| </html>
|
Where:
!YOURDOMAIN! - your security domain - please change it!
Also, the JSP uses user principals for "guest" with password "guest" and "internal" with
password "internal". You can change these user names too, to fit your user set.
And as a result of the JSP I got:
| Curent sycurity:
| request.getUserPrincipal() phantom
| SecurityAssociation.getPrincipal() phantom
| SecurityAssociation.getPrincipal().getClass() class
| XXX.security.UserPrincipal
| SecurityAssociation.getSubject() Subject: Principal: phantom
| Principal:
Roles(members:all(members),administrators(members),phantom,administrators(members))
| doAs internal:
| SecurityAssociation.getPrincipal() phantom
| SecurityAssociation.getPrincipal().getClass() class XXX.security.UserPrincipal
| SecurityAssociation.getSubject() Subject: Principal: phantom
| Principal:
Roles(members:all(members),administrators(members),phantom,administrators(members))
| Curent sycurity:
| request.getUserPrincipal() phantom
| SecurityAssociation.getPrincipal() phantom
| SecurityAssociation.getPrincipal().getClass() class XXX.security.UserPrincipal
| SecurityAssociation.getSubject() Subject: Principal: phantom
| Principal:
Roles(members:all(members),administrators(members),phantom,administrators(members))
| doAsPrincipal
| SecurityAssociation.getPrincipal() phantom
| SecurityAssociation.getPrincipal().getClass() class XXX.security.UserPrincipal
| SecurityAssociation.getSubject() Subject: Principal: phantom
| Principal:
Roles(members:all(members),administrators(members),phantom,administrators(members))
|
where XXX is my package with my custom user principal, and "phantom" is my user principal
which I used to log on to the system.
And as you can see: doAs didn't affect SecurityAssociation!!! Please help me! I need
doAs because we store user parameters in entity EJBs and I need to have access to
these EJBs from the LoginModule, and I am thinking of using the "internal" user to resolve this problem!
Also, we need to use SecurityAssociation because in our code there are a lot of simple Java
classes (not EJBs or JSP pages) where we use user principals.
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3828118#3828118