Hello Bill,

I've got the same problem as "marcel rovira" posted on 5 Jul 2013 10:48.
If you need more information or whatever to solve it, just ask.

Thanks a lot.


Bill Burke <bburke@...> writes:

>
> On vacation, I'll look into it on Monday and provide a patch soon after.
>   I probably just didn't propagate the context.
>
> On 7/5/2013 4:48 AM, marcel rovira wrote:
> > Hello,
> >
> > I'm using resteasy 3.0.1 Final with oauth in JBoss 6.1 EAP and my custom
> > principal class is not propagated to sessioncontext in an EJB3.
> > Oauth is configured as BearerTokenAuthenticator only
> >
> > My login-module configuration in standalone.xml to use extended login module
> >
> > <login-module code="es.gc.epsilon.secure.api.shared.resources.MyDatabaseServerLoginModule"
> > flag="required">
> >   <module-option name="dsJndiName" value="java:jboss/datasources/EpsilonXADS"/>
> >   <module-option name="principalsQuery" value="select PASSWORD from EP_USER where name=?"/>
> >   <module-option name="rolesQuery" value="select ROLE_NAME, 'Roles' from EP_USER_ROLE where USER_NAME = ?"/>
> >   <module-option name="hashAlgorithm" value="MD5"/>
> >   <module-option name="hashEncoding" value="base64"/>
> >   <module-option name="unauthenticatedIdentity" value="guest"/>
> > </login-module>
> >
> > My DatabaseServerLoginModule:
> >
> > public class MyDatabaseServerLoginModule extends DatabaseServerLoginModule {
> >
> >    @Override
> >    protected java.security.Principal createIdentity(String username) throws Exception {
> >
> >      System.out.println("createIdentity BEGIN");
> >
> >      MyCustomPrincipal p = null;
> >      if (principalClassName == null) {
> >        p = new MyCustomPrincipal(username);
> >      } else {
> >        p = (MyCustomPrincipal) super.createIdentity(username);
> >      }
> >
> >      return p;
> >    }
> > ...
> >
> >
> > My custom principal
> >
> >
> > public class MyCustomPrincipal extends SimplePrincipal implements
> > Serializable {
> >
> >    private static final long serialVersionUID = 1L;
> >
> >    private String tenant;
> >
> >    public MyCustomPrincipal(String name) {
> >      super(name);
> >      // TODO Auto-generated constructor stub
> >    }
> > ...
> >
> > My oauth server configuration:
> >
> > jboss-web.xml
> > <jboss-web>
> >      <security-domain>java:/jaas/jaasEpsilon</security-domain>
> >      <valve>
> >          <class-name>org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve</class-name>
> >      </valve>
> > </jboss-web>
> >
> >
> > My api rest configuration project:
> >
> > web.xml
> >
> >   <login-config>
> >    <auth-method>BASIC</auth-method>
> >    <realm-name>jaasEpsilon</realm-name>
> >   </login-config>
> >
> >    <security-constraint>
> >    <web-resource-collection>
> >     <web-resource-name>All resources</web-resource-name>
> >     <description>Protects all resources</description>
> >     <url-pattern>/api/secure/*</url-pattern>
> >     <http-method>GET</http-method>
> >     <http-method>POST</http-method>
> >    </web-resource-collection>
> >    <auth-constraint>
> >     <role-name>admin</role-name>
> >     <role-name>employee</role-name>
> >    </auth-constraint>
> >   </security-constraint>
> >      <context-param>
> >        <param-name>resteasy.role.based.security</param-name>
> >        <param-value>true</param-value>
> >     </context-param>
> > jboss-deployment-structure
> >
> > <jboss-deployment-structure>
> >      <deployment>
> >          <dependencies>
> >              <module name="org.jboss.resteasy.resteasy-jaxrs"
> > services="import"/>
> >              <module name="org.jboss.resteasy.resteasy-jackson-provider"
> > services="import"/>
> >              <module name="org.jboss.resteasy.skeleton-key"/>
> >          </dependencies>
> >      </deployment>
> > </jboss-deployment-structure>
> >
> > jboss-web.xml
> > <jboss-web>
> >      <valve>
> >          <class-name>org.jboss.resteasy.skeleton.key.as7.BearerTokenAuthenticatorValve</class-name>
> >      </valve>
> > </jboss-web>
> >
> >
> >  From an EJB I extract principal info as
> >
> > @Resource(name = "sessionContext")
> > private SessionContext sctx;
> > ...
> > Principal principal = sctx.getCallerPrincipal();
> > if (!(principal instanceof MyCustomPrincipal)) {
> >    System.out.println("I expected a " +
> > MyCustomPrincipal.class.getName() + " but got a "
> >      + principal.getClass().getName() + " instead !!!!!!");
> >
> >
> >
> > and the result is:
> > I expected a es.gc.epsilon.secure.api.shared.resources.MyCustomPrincipal
> > but got a org.jboss.resteasy.skeleton.key.SkeletonKeyPrincipal instead
> >
> > Is this a bug, is there another way to retrieve the caller principal, is
> > there any wrong configuration?
> >
> > Thanks.
> >
> > Marcel.
> >
> > _______________________________________________
> > Resteasy-users mailing list
> > Resteasy-users@...
> > https://lists.sourceforge.net/lists/listinfo/resteasy-users
> >
>