I am new to JAAS. I try to use my own loginaction instead j_security_check. The
problem is request.isUserInRole() always returns false for all roles. Can
somebody tell me what i do wrong?
------login-config.xml-----------------------
<application-policy name="MyRealm">
<!-- <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
flag="required"> -->
<login-module
code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
<module-option name="java.naming.factory.initial">
com.sun.jndi.ldap.LdapCtxFactory
</module-option>
<module-option name="java.naming.provider.url">
ldap://localhost:389/
</module-option>
<module-option name="java.naming.security.authentication">
simple
</module-option>
<module-option name="principalDNPrefix">uid=</module-option>
<module-option name="principalDNSuffix">
,ou=Site-159,dc=abercane
</module-option>
<module-option name="rolesCtxDN">
ou=Roles,ou=Site-159,dc=abercane
</module-option>
<module-option
name="uidAttributeID">uniqueMember</module-option>
<module-option name="matchOnUserDN">true</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
</login-module>
</application-policy>
----------end login-config.xml------------
------------- action class----------------------
/*
* Created on Jan 21, 2005
*
* TODO To change the template for this generated file go to Window -
* Preferences - Java - Code Style - Code Templates
*/
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessages;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.SecurityAssociationHandler;
public final class UserLogonAction extends Action {
public ActionForward execute(ActionMapping mapping, ActionForm form,
HttpServletRequest request, HttpServletResponse arg3)
throws Exception {
HttpSession session = request.getSession(false);
Subject subject = null;
if (session == null) {
request.getSession(true);
}
UserLoginForm mform = (UserLoginForm) form;
ActionMessages errors = mform.validate(mapping, request);
String userName = mform.getUserName();
String password = mform.getPassword();
try {
SecurityAssociationHandler handler = new
SecurityAssociationHandler();
Principal principal = new SimplePrincipal(userName);
handler.setSecurityInfo(principal,
password.toCharArray());
LoginContext loginContext = new LoginContext("MyRealm",
(CallbackHandler) handler);
loginContext.login();
subject = loginContext.getSubject();
SecurityAssociation.setPrincipal(principal);
SecurityAssociation.setCredential(password.toCharArray());
SecurityAssociation.setSubject(subject);
} catch (LoginException e) {
System.out.println("Error LoginException: " + e);
}
if (request.isUserInRole("Admin")) {
return mapping.findForward("Admin");
} else if (request.isUserInRole("ViewBills")) {
return mapping.findForward("ViewBills");
} else {
return mapping.findForward("failure");
}
}
}
-------------- end ---------------------------------
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3865650#3865650
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3865650
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user
