Hi again.. well i have changed my servlet code; now it's this one: import java.lang.reflect.InvocationTargetException; | import java.lang.reflect.Method; | import java.security.PrivilegedAction; | import java.security.PrivilegedActionException; | import java.security.PrivilegedExceptionAction; | import java.security.Principal; | | import java.util.Set; | import java.util.Iterator; | | import javax.security.auth.Subject; | import javax.security.auth.callback.Callback; | import javax.security.auth.callback.CallbackHandler; | import javax.security.auth.callback.NameCallback; | import javax.security.auth.callback.PasswordCallback; | import javax.security.auth.callback.TextOutputCallback; | import javax.security.auth.callback.UnsupportedCallbackException; | import javax.security.auth.login.LoginContext; | import javax.security.auth.login.LoginException; | import javax.servlet.Filter; | import javax.servlet.FilterChain; | import javax.servlet.FilterConfig; | import javax.servlet.ServletException; | import javax.servlet.ServletRequest; | import javax.servlet.ServletResponse; | import javax.servlet.http.HttpServletRequest; | import javax.servlet.http.HttpServletResponse; | import javax.servlet.http.HttpServlet; | import javax.servlet.http.HttpSession; | | import java.io.IOException; | | public class Dispatcher extends HttpServlet { | | /** The WLS security class. Indicates if WLS security is used. 
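*/
    private Class wlsSec = null;

    /** The context used for the login and logout operations */
    private LoginContext loginContext;
    private static final org.apache.commons.logging.Log logger
        = org.apache.commons.logging.LogFactory.getLog
        (Dispatcher.class);

    private String applicationPolicy = "client-login";

    /** Nothing to initialise: no method of this servlet reads the fields above. */
    public void init() throws ServletException {
    }

    /**
     * Handles a GET request by delegating to {@link #doPost}.
     *
     * NOTE(review): because GET is accepted, the "username" and "password"
     * parameters can travel in the query string, where they typically end up
     * in access logs, browser history and Referer headers. Consider accepting
     * the credentials over POST only.
     *
     * @param request the request
     * @param response the response
     * @throws ServletException propagated from {@link #doPost}
     * @throws IOException propagated from {@link #doPost}
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Prints a diagnostic line with the submitted user name and the request's
     * user principal, then forwards to <code>/processDef.jsp</code>.
     *
     * @param request the request; its "username" parameter is read
     * @param response the response handed to the forward target
     * @throws ServletException if the forward fails
     * @throws IOException if the forward fails
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {

        String username = request.getParameter("username");
        // The password is deliberately left out of this line: container stdout
        // is captured in the server log, where a printed credential would
        // persist in cleartext for anyone who can read the log.
        //
        // NOTE(review): getUserPrincipal() reports the principal the container
        // itself authenticated for this request. A JAAS login performed by
        // application code does not, as far as the Servlet API is concerned,
        // change what it returns, so null is expected unless the web
        // application is secured by the container -- confirm against the
        // deployment descriptors.
        System.out.println("Tento login con username: [" + username + "]"
            + " Il principal à nullo? " + request.getUserPrincipal());
        request.getRequestDispatcher("/processDef.jsp").forward(request, response);
        //response.sendRedirect( "processDef.jsp" );
    }

    /** Nothing to release. */
    public void destroy() {
    }
}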
While my filter code is: import java.io.IOException; | | import java.util.Set; | import java.util.Iterator; | import java.util.Enumeration; | | import java.lang.reflect.InvocationTargetException; | import java.lang.reflect.Method; | | import java.security.PrivilegedAction; | import java.security.PrivilegedActionException; | import java.security.PrivilegedExceptionAction; | import java.security.Principal; | | | import javax.security.auth.Subject; | import javax.security.auth.callback.Callback; | import javax.security.auth.callback.CallbackHandler; | import javax.security.auth.callback.NameCallback; | import javax.security.auth.callback.PasswordCallback; | import javax.security.auth.callback.TextOutputCallback; | import javax.security.auth.callback.UnsupportedCallbackException; | import javax.security.auth.login.LoginContext; | import javax.security.auth.login.LoginException; | | import javax.servlet.Filter; | import javax.servlet.FilterChain; | import javax.servlet.FilterConfig; | import javax.servlet.ServletException; | import javax.servlet.ServletRequest; | import javax.servlet.ServletResponse; | import javax.servlet.http.HttpServletRequest; | | import org.jboss.security.SimplePrincipal; | | import de.danet.an.workflow.api.WorkflowServiceFactory; | import de.danet.an.workflow.api.WorkflowService; | | public class LoginFilter implements Filter { | | private String applicationPolicy = null; | private static final org.apache.commons.logging.Log logger | = org.apache.commons.logging.LogFactory.getLog | (LoginFilter.class); | | /** | * Simple login context for authentication. 
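*/
    private static class LoginFilterLoginContext extends LoginContext {

        /**
         * Callback handler that answers the login modules' name and password
         * callbacks with the values given at construction time and prints
         * text-output callbacks to standard error.
         */
        private static class CBH implements CallbackHandler {
            private String userName = null;
            private String password = null;

            /**
             * @param userName the name handed to every NameCallback
             * @param password the password handed to every PasswordCallback;
             *        may be null
             */
            public CBH(String userName, String password) {
                this.userName = userName;
                this.password = password;
            }

            /**
             * Answers each callback in turn.
             *
             * @param callbacks the callbacks supplied by the login modules
             * @throws UnsupportedCallbackException for a callback type this
             *         handler does not know
             * @throws IOException for a TextOutputCallback with an unknown
             *         message type
             */
            public void handle(Callback[] callbacks)
                throws UnsupportedCallbackException, IOException {

                for (int i = 0; i < callbacks.length; i++) {
                    // Each element is examined on its own; testing or casting
                    // the array itself against a Callback type does not
                    // compile.
                    Callback cb = callbacks[i];
                    if (cb instanceof TextOutputCallback) {
                        // display the message according to the specified type
                        TextOutputCallback toc = (TextOutputCallback) cb;
                        switch (toc.getMessageType()) {
                        case TextOutputCallback.INFORMATION:
                            System.err.println(toc.getMessage());
                            break;
                        case TextOutputCallback.ERROR:
                            System.err.println("ERROR: " + toc.getMessage());
                            break;
                        case TextOutputCallback.WARNING:
                            System.err.println("WARNING: " + toc.getMessage());
                            break;
                        default:
                            throw new IOException
                                ("Unsupported message type: "
                                 + toc.getMessageType());
                        }
                    } else if (cb instanceof NameCallback) {
                        // supply the configured user name
                        NameCallback nc = (NameCallback) cb;
                        nc.setName(userName);
                    } else if (cb instanceof PasswordCallback) {
                        // supply the configured password; a missing request
                        // parameter arrives here as null and is passed on as
                        // "no password" instead of failing with a
                        // NullPointerException inside the handler
                        PasswordCallback pc = (PasswordCallback) cb;
                        pc.setPassword(password == null
                                       ? null : password.toCharArray());
                    } else if (cb.getClass().getName().equals
                               ("weblogic.security.auth.callback.URLCallback")) {
                        // recognised by class name only, deliberately left
                        // unanswered
                    } else {
                        throw new UnsupportedCallbackException
                            (cb, "Unrecognized Callback \""
                             + cb.getClass().getName() + "\"");
                    }
                }
            }
        }

        /**
         * Creates a login context whose callbacks are answered with the given
         * credentials.
         *
         * @param applicationPolicy name of the JAAS configuration entry
         * @param userName the user name to log in with
         * @param password the password to log in with
         * @throws LoginException if the superclass constructor rejects the
         *         policy name or the configuration
         */
        public LoginFilterLoginContext
            (String applicationPolicy, String userName, String password)
            throws LoginException {
            super(applicationPolicy, new CBH(userName, password));
        }
    }


    /** The WLS security class. Indicates if WLS security is used.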
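*/
    private Class wlsSec = null;

    /** The context used for the login and logout operations */
    // NOTE(review): doFilter no longer stores its per-request context here.
    // A container normally serves all concurrent requests through one Filter
    // instance, so a context kept in this field could be overwritten by
    // another request between login() and logout().
    private LoginContext loginContext;

    /**
     * Initialize the filter.
     *
     * Looks for the WLS security class through the context class loader and
     * reads the "ApplicationPolicy" init parameter, falling back to
     * "client-login" when it is absent.
     *
     * @param filterConfig the filter configuration information
     * @throws ServletException declared by the Filter contract; not thrown by
     *         the code below
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        // first, find out if we have WLS security
        try {
            wlsSec = Thread.currentThread().getContextClassLoader()
                .loadClass("weblogic.security.Security");
        } catch (ClassNotFoundException e) {
            // OK, not WLS client
            logger.debug("No WLS security class, not using WLS security");
        }

        // now get the parameters
        applicationPolicy
            = filterConfig.getInitParameter("ApplicationPolicy");
        if (applicationPolicy == null) {
            applicationPolicy = "client-login";
        }
    }

    /**
     * Do nothing.
     */
    public void destroy() {}

    /**
     * Perform a login, call the next filter on the filter chain and
     * perform a logout.
     *
     * The credentials are taken from the "username" and "password" request
     * parameters of every request that passes through the filter. A failure
     * to create the context or to log in is reported as a ServletException.
     *
     * @param request the request
     * @param response the response
     * @param chain the filter chain
     * @throws IOException IOException
     * @throws ServletException ServletException
     */
    public void doFilter
        (ServletRequest request, ServletResponse response,
         FilterChain chain) throws IOException, ServletException {

        HttpServletRequest req = ((HttpServletRequest) (request));
        String userName = req.getParameter("username");
        String password = req.getParameter("password");
        if (logger.isDebugEnabled()) {
            logger.debug("Configured to use application policy \""
                         + applicationPolicy + "\", user name \""
                         + userName + "\" and "
                         + (password == null ? " no password."
                            : "a (non-disclosed) password."));
        }
        // The password is deliberately left out of this line: container stdout
        // is captured in the server log, where a printed credential would
        // persist in cleartext for anyone who can read the log.
        System.out.println("Username: " + userName
                           + " applicationPolicy: " + applicationPolicy);
        // finally, create login context
        // Per-request local. It shadows the field of the same name on purpose,
        // so every later use in this method, including the logout in the
        // finally block, works on this request's own context.
        final LoginContext loginContext;
        try {
            loginContext = new LoginFilterLoginContext
                (applicationPolicy, userName, password);
        } catch (LoginException e) {
            throw new ServletException
                ("Cannot create LoginContext: " + e.getMessage(), e);
        }
        try {
            loginContext.login();
            System.out.println("Login in LoginFilter ok");
            Subject subject = loginContext.getSubject();
            Set principals = subject.getPrincipals();
            Principal princ = null;
            // NOTE(review): isUserInRole() reports the container's own web
            // authentication state; a JAAS login done here does not, as far
            // as the Servlet API is concerned, change what it returns.
            // Whether the identity reaches later EJB calls presumably depends
            // on the login modules configured for the application policy --
            // verify that configuration.
            for (Iterator prinIter = principals.iterator(); prinIter.hasNext(); ) {

                princ = ((Principal) (prinIter.next()));
                System.out.println(" Nome principal in LoginFilter: " +
                                   princ.getName() + " ed à in ruolo? " +
                                   req.isUserInRole("StaffManagementRole_0"));
            }
        } catch (LoginException e) {
            throw new ServletException("Cannot login: " + e.getMessage(), e);
        }
        try {
            if (wlsSec != null) {
                // Use WLS security. Use reflection to avoid code
                // dependency on WLS
                try {
                    // NOTE(review): the lookup asks for
                    // runAs(Subject, PrivilegedAction), but the argument built
                    // below is a PrivilegedExceptionAction, which does not
                    // implement PrivilegedAction; Method.invoke would reject
                    // it with an IllegalArgumentException. Presumably the
                    // PrivilegedExceptionAction overload was intended --
                    // confirm against the WLS API.
                    Class[] ats = new Class[] {Subject.class, PrivilegedAction.class};
                    Method m = wlsSec.getMethod("runAs", ats);
                    final FilterChain chainArg = chain;
                    final ServletRequest reqArg = request;
                    final ServletResponse resArg = response;
                    Object[] args = new Object[] {
                        loginContext.getSubject(),
                        new PrivilegedExceptionAction() {
                            public Object run() throws Exception {
                                chainArg.doFilter(reqArg, resArg);
                                return null;
                            }
                        }
                    } ;
                    m.invoke(null, args);
                } catch (NoSuchMethodException e) {
                    logger.error(e.getMessage(), e);
                    throw new IllegalStateException(e.getMessage());
                } catch (SecurityException e) {
                    logger.error(e.getMessage(), e);
                    throw new IllegalStateException(e.getMessage());
                } catch (IllegalAccessException e) {
                    logger.error(e.getMessage(), e);
                    throw new IllegalStateException(e.getMessage());
                } catch (InvocationTargetException e) {
                    // unwrap what the filter chain itself threw so callers
                    // see the original IOException or ServletException
                    if (e.getTargetException()
                        instanceof PrivilegedActionException) {
                        PrivilegedActionException pe
                            = (PrivilegedActionException) e.
                            getTargetException();
                        if (pe.getException() instanceof IOException) {
                            throw (IOException) pe.getException();
                        }
                        if (pe.getException() instanceof ServletException) {
                            throw (ServletException) pe.getException();
                        }
                    }
                    logger.error(e.getMessage(), e);
                    throw new IllegalStateException(e.getMessage());
                }
            } else {
                // Use JBoss security.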
| chain.doFilter(request, response); | } | } finally { | try { | loginContext.logout(); | } catch (LoginException e) { | throw new ServletException | ("Cannot logout: " + e.getMessage(), e); | } | } | } | } Well i have noted that after the filter the servlet is called and this is good, but the principal in the servlet is null; infact my stack error trace is: anonymous wrote : 17:54:50,801 INFO [STDOUT] Username: ML password: ML applicationPolicy: danetworkflow-ia | 17:54:50,841 INFO [STDOUT] Login in LoginFilter ok | 17:54:50,841 INFO [STDOUT] Nome principal in LoginFilter: ML ed à in ruolo? false | 17:54:50,841 INFO [STDOUT] Nome principal in LoginFilter: CallerPrincipal ed à in ruolo? false | 17:54:50,841 INFO [STDOUT] Nome principal in LoginFilter: Roles ed à in ruolo? false | 17:54:50,841 INFO [STDOUT] Tento login con username: [ML] e password: [ML] Il principal à nullo? null | 17:54:50,951 ERROR [SecurityInterceptor] Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[StaffManagementRole_0], principalRoles=null | 17:54:50,951 ERROR [LogInterceptor] EJBException, causedBy: | java.lang.SecurityException: Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[StaffManagementRole_0], principalRoles=null | at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:229) | at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:83) | at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120) | at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93) | at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:319) | at org.jboss.ejb.Container.invoke(Container.java:743) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) | at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) | at java.lang.reflect.Method.invoke(Method.java:324) | at org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.java:60) | at org.jboss.mx.server.Invocation.dispatch(Invocation.java:61) | at org.jboss.mx.server.Invocation.dispatch(Invocation.java:53) | at org.jboss.mx.server.Invocation.invoke(Invocation.java:86) | at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:185) | at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473) | at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:97) | at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:90) | at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46) | at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:53) | at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173) | at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85) | at $Proxy233.create(Unknown Source) | . | . | . | . | . I'm not able to understand why this happens. Can anybody show me the right way to avoid this error? I have configured all the files named in the JAAS how-to. Bye