Hello,

I'm using RESTEasy 3.0.1 Final with OAuth in JBoss 6.1 EAP, and my custom
principal class is not propagated to the SessionContext in an EJB3.
OAuth is configured as BearerTokenAuthenticator only.

My login-module configuration in standalone.xml, to use the extended login module:

<login-module code="es.gc.epsilon.secure.api.shared.resources.MyDatabaseServerLoginModule" flag="required">
  <module-option name="dsJndiName" value="java:jboss/datasources/EpsilonXADS"/>
  <module-option name="principalsQuery" value="select PASSWORD from EP_USER where name=?"/>
  <module-option name="rolesQuery" value="select ROLE_NAME, 'Roles' from EP_USER_ROLE where USER_NAME = ?"/>
  <module-option name="hashAlgorithm" value="MD5"/>
  <module-option name="hashEncoding" value="base64"/>
  <module-option name="unauthenticatedIdentity" value="guest"/>
</login-module>

My DatabaseServerLoginModule:

public class MyDatabaseServerLoginModule extends DatabaseServerLoginModule {

  @Override
  protected java.security.Principal createIdentity(String username) throws Exception {

    System.out.println("createIdentity BEGIN");

    MyCustomPrincipal p = null;
    if (principalClassName == null) {
      p = new MyCustomPrincipal(username);
    } else {
      p = (MyCustomPrincipal) super.createIdentity(username);
    }

    return p;
  }
...


My custom principal:


public class MyCustomPrincipal extends SimplePrincipal implements Serializable {

  private static final long serialVersionUID = 1L;

  private String tenant;

  public MyCustomPrincipal(String name) {
    super(name);
    // TODO Auto-generated constructor stub
  }
...


My OAuth server configuration:

jboss-web.xml
<jboss-web>
    <security-domain>java:/jaas/jaasEpsilon</security-domain>
    <valve>
        <class-name>org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve</class-name>
    </valve>
</jboss-web>


My REST API project configuration:

web.xml

 <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>jaasEpsilon</realm-name>
 </login-config>

  <security-constraint>
  <web-resource-collection>
   <web-resource-name>All resources</web-resource-name>
   <description>Protects all resources</description>
   <url-pattern>/api/secure/*</url-pattern>
   <http-method>GET</http-method>
   <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
   <role-name>admin</role-name>
   <role-name>employee</role-name>
  </auth-constraint>
 </security-constraint>

    <context-param>
      <param-name>resteasy.role.based.security</param-name>
      <param-value>true</param-value>
   </context-param>

jboss-deployment-structure

<jboss-deployment-structure>
    <deployment>
        <dependencies>
            <module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/>
            <module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
            <module name="org.jboss.resteasy.skeleton-key"/>
        </dependencies>
    </deployment>
</jboss-deployment-structure>

jboss-web.xml
<jboss-web>
    <valve>
        <class-name>org.jboss.resteasy.skeleton.key.as7.BearerTokenAuthenticatorValve</class-name>
    </valve>
</jboss-web>


From an EJB I extract the principal info as:

@Resource(name = "sessionContext")
private SessionContext sctx;
...
Principal principal = sctx.getCallerPrincipal();

if (!(principal instanceof MyCustomPrincipal)) {
  System.out.println("I expected a " + MyCustomPrincipal.class.getName()
    + " but got a " + principal.getClass().getName() + " instead !!!!!!");
}



and the result is:

I expected a es.gc.epsilon.secure.api.shared.resources.MyCustomPrincipal
but got a org.jboss.resteasy.skeleton.key.SkeletonKeyPrincipal instead

Is this a bug, is there another way to retrieve the caller principal, is
there any wrong configuration?

Thanks.

Marcel.
_______________________________________________
Resteasy-users mailing list
Resteasy-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/resteasy-users
