I can't make a simple form authentication! Can somebody tell me what I am
doing wrong?
I am logging on successfully, but the resulting Subject is not propagated to
the web container,
and on the next page when I am calling
request.getUserPrincipal();
I am getting a null value.
When I do BASIC instead of FORM authentication everything works fine.
jboss-web.xml
======================== Cut ========================
<jboss-web>
  <security-domain>java:/jaas/role-test</security-domain>
</jboss-web>
======================== Cut ========================
login-config.xml
======================== Cut ========================
<application-policy name="role-test">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
      <module-option name="debug">true</module-option>
    </login-module>
  </authentication>
</application-policy>
======================== Cut ========================
web.xml
======================== Cut ========================
<security-constraint>
  <web-resource-collection>
    <web-resource-name>some resource</web-resource-name>
    <description>Declarative security tests</description>
    <url-pattern>/admin/*</url-pattern>
    <http-method>HEAD</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <description>no description</description>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<!--
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>role-test2</realm-name>
</login-config>
-->
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>role-test</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.html</form-error-page>
  </form-login-config>
</login-config>
======================== Cut ========================
LoginAction.java
======================== Cut ========================
// Read the submitted credentials from the form bean
String username = (String) PropertyUtils.getProperty(form, "j_username");
String password = (String) PropertyUtils.getProperty(form, "j_password");
SimplePrincipal user = new SimplePrincipal(username);
SecurityAssociationHandler handler = new SecurityAssociationHandler();
handler.setSecurityInfo(user, password.toCharArray());
// Authenticate against the "role-test" JAAS application policy
LoginContext loginContext = new LoginContext("role-test", handler);
loginContext.login();
// Subject subject = loginContext.getSubject();
// SecurityAssociation.setPrincipal(user);
// SecurityAssociation.setCredential(password.toCharArray());
// SecurityAssociation.setSubject(subject);
======================== Cut ========================
DonkerLicht - 28 Jan 2004 13:13 GMT
Hi,
I'm having the same problem. I'm trying to implement JAAS into Struts with form-based authentication. When I try to log in with a user as a member of a role (which doesn't have sufficient rights to access a specific page) the authenticator seems to forget in which role the user exists and gives access to the page. However, when I use basic authentication, everything works fine and the user is not allowed. Have you found a solution yet? Thanks in advance.
Kind regards,
Johan Pieck
Andrea Fontanelli - 16 Mar 2005 17:20 GMT
Hi all,
I'm having the same problem.
Have you found a solution yet or a workaround to solve the problem?
Thanks in advance.
Kind regards,
Andrea Fontanelli
Hari Gangadharan - 18 Apr 2005 07:19 GMT
You may think that the ClientLoginModule is not needed - but you need to
add the following lines to the application policy to make it work.
<login-module code="org.jboss.security.ClientLoginModule" flag="required">
</login-module>
Hope this helps somebody.
-- Hari Gangadharan
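
The application policy from the question with the ClientLoginModule entry from the reply above placed inside it, as an added example that is not part of the original posts. Listing ClientLoginModule after UsersRolesLoginModule is an assumption; the reply does not state an order.

```xml
<!-- Added example: login-config.xml policy combining both posted snippets.
     Module order (ClientLoginModule last) is an assumption. -->
<application-policy name="role-test">
  <authentication>
    <!-- Authenticates the user and assigns roles from the
         users.properties / roles.properties files on the classpath -->
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
      <module-option name="debug">true</module-option>
    </login-module>
    <!-- Performs no authentication itself; copies the login name and
         credential into the JBoss SecurityAssociation for the caller -->
    <login-module code="org.jboss.security.ClientLoginModule"
                  flag="required">
    </login-module>
  </authentication>
</application-policy>
```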