tomee-users mailing list archives

From Romain Manni-Bucau <rmannibu...@gmail.com>
Subject Re: JAAS roles propagation in TomEE
Date Fri, 06 Feb 2015 17:07:00 GMT
Hello

Just checked quickly by browsing the sources, but it seems you didn't define any
constraints in web.xml, so login is then "request scoped" only (i.e. the
form authenticator doesn't cache the principal).


Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau


2015-02-06 17:17 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
<piercarlo.beghetto@diennea.com>:
> Here is the sample project.
>
> https://github.com/piercarlobeghetto/jaas-test
>
> thanks
>
> Piercarlo Alberto Beghetto
> Developer @ Diennea - MagNews
> Tel.: (+39) 0546 066100 - Int. 967
> Viale G.Marconi 30/14 - 48018 Faenza (RA)
>
>
>
>
>
> -----Original Message-----
> From: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
> Sent: Friday, 6 February 2015 15:02
> To: users@tomee.apache.org
> Subject: Re: JAAS roles propagation in TomEE
>
> easiest is generally to share a maven project on github or any public source code platform
>
>
>
>
> 2015-02-06 14:54 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
> <piercarlo.beghetto@diennea.com>:
>> Suppose I need to produce some kind of file via maven. I'm trying in NetBeans.
>> When done, I'll share that.
>>
>>
>>
>>
>>
>>
>>
>>
>> -----Original Message-----
>> From: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
>> Sent: Friday, 6 February 2015 11:14
>> To: users@tomee.apache.org
>> Subject: Re: JAAS roles propagation in TomEE
>>
>> Hi
>>
>> can you share a sample we can run (mvn package tomee:run + GET /demo would be great)?
>>
>>
>>
>>
>> 2015-02-06 10:54 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
>> <piercarlo.beghetto@diennea.com>:
>>> I tried.
>>>
>>> I started with two classes, RolePrincipal and UserPrincipal
>>> implementing simply java.security.Principal
>>>
>>> And with conf
>>>
>>> <Realm className="org.apache.catalina.realm.JAASRealm"
>>>            appName="custom-login"
>>>            userClassNames="custom.login.module.package.UserPrincipal"
>>>            roleClassNames="custom.login.module.package.RolePrincipal"/>
>>>
>>> but it runs in the same way.
>>> Looking in some examples I found that alternative solution; it was a try.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
>>> Sent: Friday, 6 February 2015 10:42
>>> To: users@tomee.apache.org
>>> Subject: Re: JAAS roles propagation in TomEE
>>>
>>> Hi
>>>
>>> did you extend
>>> org.apache.openejb.core.security.AbstractSecurityService$User
>>> and org.apache.openejb.core.security.AbstractSecurityService$Group in
>>> your realm? that's the config you did but it is uncommon to do it
>>> AFAIK
>>>
>>>
>>>
>>>
>>> 2015-02-06 10:27 GMT+01:00 Piercarlo Alberto Beghetto - Diennea
>>> <piercarlo.beghetto@diennea.com>:
>>>> Hello,
>>>>
>>>> I'm on a JAAS authentication realm for a web application on TomEE.
>>>>
>>>> I think I miss a thing in the login process.
>>>>
>>>> I developed my custom LoginModule, configured it and it seems to work well.
>>>> When I try to log in the user (with HttpServletRequest.login() or LoginContext.login())
>>>> all works fine, the realm recognizes username and password and I get the user's roles set in
>>>> the LoginModule.commit().
>>>>
>>>> After the login there is a redirect and in the new servlet there is no trace
>>>> of user principals or role principals set by login.
>>>>
>>>> I try
>>>>
>>>> - HttpServletRequest.getRemoteUser()
>>>> - HttpServletRequest.isUserInRole()
>>>> - @RolesAllowed("someroles")
>>>>
>>>> But in any way I have no trace of the logged user
>>>>
>>>>
>>>> Here are my configurations:
>>>>
>>>> In context:
>>>> <Realm className="org.apache.catalina.realm.JAASRealm"
>>>>            appName="custom-login"
>>>>            userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
>>>>            roleClassNames="org.apache.openejb.core.security.AbstractSecurityService$Group"/>
>>>>
>>>>
>>>> login.config (in TomEE conf folder):
>>>> custom-login {
>>>>    custom.login.module.package.Module required;
>>>> };
>>>>
>>>>
>>>> The custom.login.module.package.Module by spec implements
>>>> LoginModule, and the principals I set on commit() operation are
>>>>
>>>> - org.apache.openejb.core.security.AbstractSecurityService$User
>>>> - org.apache.openejb.core.security.AbstractSecurityService$Group
>>>>
>>>>
>>>> Referenced by:
>>>> -Djava.security.auth.login.config=%CATALINA_HOME%/conf/login.config
>>>>
>>>>
>>>> Am I missing something? Any advice?
>>>>
>>>>