Re: securityContext.getUserPrincipal() in JAX-RS return unexpected RolePrincipal. Why?

Fri, 03 Aug 2018 00:23:51 -0700 

Hi Paul,

can you share your security-config.xml ?

And do you use the realm via the CxfJaasInterceptor or via your own code ?

Regards
JB

On 03/08/2018 08:14, Paul Spencer wrote:
> JB,
> I have several realms defined in Karaf, but the bundle is configured to only 
> uses one. In this case the realm is backed by a database and contains two 
> users. 
> 
> Paul Spencer
> 
>> On Aug 3, 2018, at 12:52 AM, Jean-Baptiste Onofré <[email protected]> wrote:
>>
>> Hi Paul,
>>
>> Some questions:
>>
>> 1. Do you have a single realm ?
>> 2. Aladdin is defined in a unique login module or realm ?
>>
>> In your case, you should get the role principal for the user I guess.
>>
>> Regards
>> JB
>>
>>> On 02/08/2018 20:56, Paul Spencer wrote:
>>> Karaf 4.2
>>> I have a JAX-RS Service implemented with CXF features and uses Karaf's JAAS
>>> authorization. Depending on the number of roles defined for a user,
>>> securityContext.getUserPrincipal() may return a UserPrincipal or a
>>> RolePrincipal.  In all cases I expect UserPrincipal because I expect
>>> securityContext.getUserPrincipal().getName() to be the username logged in.
>>>
>>> Role Count   Return Principal
>>> ------------- --------------------------------------------------
>>>     0           org.apache.karaf.jaas.boot.principal.UserPrincipal
>>>     1           org.apache.karaf.jaas.boot.principal.UserPrincipal
>>> 2 or more   org.apache.karaf.jaas.boot.principal.RolePrincipal
>>>
>>> karaf@root(jaas)> user-list                                                 
>>>                                                                             
>>>                                                                             
>>>        
>>> User Name │ Group │ Role
>>> ──────────┼───────┼───────
>>> Aladdin   │       │ VIEW
>>> Aladdin   │       │ UPDATE
>>> Foo        │       │
>>>
>>> For the above users, securityContext.getUserPrincipal().getName() returns
>>> "UPDATE" when Aladdin is logged in.
>>>
>>> Why am I not seeing the expected behavior?
>>>
>>> Paul Spencer
>>>
>>>
>>>
>>> --
>>> Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html
>>>
>>
>> -- 
>> Jean-Baptiste Onofré
>> [email protected]
>> http://blog.nanthrax.net
>> Talend - http://www.talend.com
> 

-- 
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com

Reply via email to