Hello just checked quickly browsing sources but seems you didnt define any constraints in web.xml so login is then "request scoped" only (ie the form authenticator doesn't cache the principal)
Romain Manni-Bucau @rmannibucau http://www.tomitribe.com http://rmannibucau.wordpress.com https://github.com/rmannibucau 2015-02-06 17:17 GMT+01:00 Piercarlo Alberto Beghetto - Diennea <[email protected]>: > Here is the sample project. > > https://github.com/piercarlobeghetto/jaas-test > > thanks > > Piercarlo Alberto Beghetto > Developer @ Diennea - MagNews > Tel.: (+39) 0546 066100 - Int. 967 > Viale G.Marconi 30/14 - 48018 Faenza (RA) > > > > > > -----Messaggio originale----- > Da: Romain Manni-Bucau [mailto:[email protected]] > Inviato: venerdì 6 febbraio 2015 15:02 > A: [email protected] > Oggetto: Re: JAAS roles propagation in TomEE > > easiest is generally to share a maven project on github or any public source > code platform > > > Romain Manni-Bucau > @rmannibucau > http://www.tomitribe.com > http://rmannibucau.wordpress.com > https://github.com/rmannibucau > > > 2015-02-06 14:54 GMT+01:00 Piercarlo Alberto Beghetto - Diennea > <[email protected]>: >> Suppose i need to produce some kind of file via maven. I'm trying in >> NetBeans. >> When done, I'll share that. >> >> >> >> Piercarlo Alberto Beghetto >> Developer @ Diennea - MagNews >> Tel.: (+39) 0546 066100 - Int. 967 >> Viale G.Marconi 30/14 - 48018 Faenza (RA) >> >> >> >> >> >> -----Messaggio originale----- >> Da: Romain Manni-Bucau [mailto:[email protected]] >> Inviato: venerdì 6 febbraio 2015 11:14 >> A: [email protected] >> Oggetto: Re: JAAS roles propagation in TomEE >> >> Hi >> >> can you share a sample we can run (mvn packahe tomee:run + GET /demo would >> be great)? >> >> >> Romain Manni-Bucau >> @rmannibucau >> http://www.tomitribe.com >> http://rmannibucau.wordpress.com >> https://github.com/rmannibucau >> >> >> 2015-02-06 10:54 GMT+01:00 Piercarlo Alberto Beghetto - Diennea >> <[email protected]>: >>> I tried. >>> >>> I started with two classes, RolePrincipal and UserPrincipal >>> implementing simply java.security.Principal >>> >>> And with conf >>> >>> <Realm className="org.apache.catalina.realm.JAASRealm" >>> appName="custom-login" >>> userClassNames="custom.login.module.package.UserPrincipal " >>> roleClassNames="custom.login.module.package.RolePrincipal >>> "/> >>> >>> but it run in the same way. >>> Looking in some examples I found that alternative solution, was a try. >>> >>> >>> >>> >>> Piercarlo Alberto Beghetto >>> Developer @ Diennea - MagNews >>> Tel.: (+39) 0546 066100 - Int. 967 >>> Viale G.Marconi 30/14 - 48018 Faenza (RA) >>> >>> >>> >>> >>> >>> -----Messaggio originale----- >>> Da: Romain Manni-Bucau [mailto:[email protected]] >>> Inviato: venerdì 6 febbraio 2015 10:42 >>> A: [email protected] >>> Oggetto: Re: JAAS roles propagation in TomEE >>> >>> Hi >>> >>> did you extend >>> org.apache.openejb.core.security.AbstractSecurityService$User >>> and org.apache.openejb.core.security.AbstractSecurityService$Group in >>> your realm? that's the config you did but it is uncommon to do it >>> AFAIK >>> >>> >>> Romain Manni-Bucau >>> @rmannibucau >>> http://www.tomitribe.com >>> http://rmannibucau.wordpress.com >>> https://github.com/rmannibucau >>> >>> >>> 2015-02-06 10:27 GMT+01:00 Piercarlo Alberto Beghetto - Diennea >>> <[email protected]>: >>>> Hello, >>>> >>>> i'm on a JAAS authentication realm for a web application on TomEE. >>>> >>>> I think I miss a thing in the login process. >>>> >>>> I developed my custom LoginModule, configured it and seems work well. >>>> When i try to log in the user (with HttpServletRequest.login() or >>>> LoginContext.login()) all works fine, realm recognize username and >>>> password and I get the user's roles setted in the LoginModule.commit(). >>>> >>>> After the login there is a redirect and in the new servlet there is no >>>> trace of user principals or roles principals setted by login. >>>> >>>> I try >>>> >>>> - HttpServletRequest.getRemoteUser() >>>> >>>> - HttpServletRequest.isUserInRole() >>>> >>>> - @RolesAllowed("someroles") >>>> But in any way I have no trace of the logged user >>>> >>>> >>>> Here are my configurations: >>>> >>>> In context: >>>> <Realm className="org.apache.catalina.realm.JAASRealm" >>>> appName="custom-login" >>>> >>>> userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User" >>>> >>>> roleClassNames="org.apache.openejb.core.security.AbstractSecuritySer >>>> v >>>> i >>>> ce$Group"/> >>>> >>>> >>>> login.config (in TomEE conf folder): >>>> custom-login { >>>> custom.login.module.package.Module required; }; >>>> >>>> >>>> The custom.login.module.package.Module by spec implements >>>> LoginModule, and the principals I set on commit() operation are >>>> >>>> - org.apache.openejb.core.security.AbstractSecurityService$User >>>> >>>> - org.apache.openejb.core.security.AbstractSecurityService$Group >>>> >>>> >>>> Referenced by: >>>> -Djava.security.auth.login.config=%CATALINA_HOME%/conf/login.config >>>> >>>> >>>> Am I missing something? Any advice? >>>> >>>> >>>> Piercarlo Alberto Beghetto >>>> Developer @ Diennea - MagNews >>>> Tel.: (+39) 0546 066100 - Int. 967 >>>> Viale G.Marconi 30/14 - 48018 Faenza (RA) >>>> >>>> [http://www.magnews.it/uploads/39/b1/39b14fb9e0bf42e5329d781139639f34/MagNews-per-firma-.jpg]<http://www.magnews.it/it> >>>> [http://www.magnews.it/uploads/54/da/54da7b9f01a24e97c88c660f9321493b/1361834300_linkedin.jpg]<http://www.linkedin.com/company/diennea---magnews> >>>> >>>> [http://www.magnews.it/uploads/13/46/1346f8efb8ff0b9a009fb40d35f3031d/1361834261_twitter.jpg] >>>> <http://twitter.com/DienneaMagNews> >>>> [http://www.magnews.it/uploads/1b/9d/1b9d890c34589a070a686e0564c6a4c8/1361834314_facebook.jpg] >>>> <http://www.facebook.com/pages/MagNews/197617841797> >>>> [http://www.magnews.it/uploads/04/cf/04cf3df25b9d56d8c99e6946efb735cb/1363207242_10.png] >>>> <http://www.magnews.it/it/iscriviti-alla-newsletter> >>>> >>>> >>>> >>>> >>>> ________________________________ >>>> Iscriviti alla nostra newsletter per rimanere aggiornato su digital >>>> ed email marketing! http://www.magnews.it/newsletter/ >>> >>> Iscriviti alla nostra newsletter per rimanere aggiornato su digital >>> ed email marketing! http://www.magnews.it/newsletter/ >> >> Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed >> email marketing! http://www.magnews.it/newsletter/ > > Iscriviti alla nostra newsletter per rimanere aggiornato su digital ed email > marketing! http://www.magnews.it/newsletter/
