Hi,
Jboss 4.0.1sp1 seems to have the possibility to authenticate against roles.
However this didn't work. Looking at the source code, it seems that you forgot
to register the subject with the SecurityAssociation class in the class
org.jboss.net.axis.server.JBossAuthenticationHandler. Here is what the
validate method becomes if we do so:
anonymous wrote : /** validates the given principal with the given password */
| protected Subject validate(Principal userPrincipal, String passwd)
throws AxisFault
| {
| // build passchars
| char[] passChars = passwd != null ? passwd.toCharArray() : null;
| // do the validation only if authenticated or validation enforced
| Subject subject = null;
| if (shouldValidateUnauthenticatedCalls || userPrincipal !=
NobodyPrincipal.NOBODY_PRINCIPAL)
| {
| subject = new Subject();
| //isValid will setup the subject !
| // have to use pointer comparison here, but itÃÂÂs a singleton,
right?
| if (!authMgr.isValid(userPrincipal, passChars, subject))
| {
| throw new AxisFault("Server.Unauthenticated",
| org.apache.axis.utils.Messages.getMessage
| ("cantAuth01",
| userPrincipal.getName()),
| null, null);
| }
| SecurityAssociation.setSubject(subject);
| }
| return subject;
| }
|
I also removed the class associate as it is no more used (this method only
authenticate based on the principal and the credential, not the roles I think).
I hope this would help. I do not know if this is the right fixed even if this
seems to work (and roles are now working, great!).
Nicolas Leroux
Lunatech Research
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3869174#3869174
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3869174
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id�396&op=click
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
