JAAS with JBOSS and Struts2

shahidsan shaikh
Greenhorn

Joined: Aug 29, 2008
Posts: 6
Hi,

I have been able to authenticate a user using JAAS on JBoss 4.2. However, here is my question: once the user is logged in, how do I access what roles he/she has?

Here is my SessionLogin action, which implements the PrincipalAware interface, and I know from my debug lines that this does get set. When I call isUserRole("Admin") it is showing false.

I thought implementing PrincipalAware would give me access to what got set with JAAS on JBoss.

Can anyone help?


package lab.security;

import java.io.ByteArrayInputStream;
import java.rmi.RemoteException;
import java.security.Principal;
import java.util.*;

import javax.ejb.CreateException;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.rmi.PortableRemoteObject;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.ServletContext;

import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.PrincipalAware;
import org.apache.struts2.interceptor.PrincipalProxy;
import org.apache.struts2.util.ServletContextAware;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.SecurityAssociationHandler;

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionSupport;

public class SessionLogin extends ActionSupport implements ServletContextAware, PrincipalAware
{
    private static final long serialVersionUID = 2452642373778L;

    private String userId;
    private String password;
    public byte[] foto;

    // Injected by Struts2 through PrincipalAware and ServletContextAware
    private PrincipalProxy _principalProxy;
    private ServletContext _servletContext;

    public String execute() throws Exception {
        Properties prop = new Properties();
        String j_username = null;
        String j_password = null;
        try {
            System.out.println("in excute() "+this.userId);

            // Hand the submitted credentials to the JBoss callback handler
            SecurityAssociationHandler handler = new SecurityAssociationHandler();
            SimplePrincipal user = new SimplePrincipal(this.userId);
            handler.setSecurityInfo(user, this.password.toCharArray());

            // Programmatic JAAS login against the "userRolesTest" login configuration
            LoginContext loginContext = new LoginContext("userRolesTest", (CallbackHandler) handler);
            loginContext.login();
            //Subject subject = loginContext.getSubject();
            //Set principals = subject.getPrincipals();
            //principals.add(user);

            // Mark the HTTP session as logged in
            Map mp = ActionContext.getContext().getSession();
            mp.put("logged-in", "true");

            // Role checks through the PrincipalProxy injected by Struts2
            System.out.println("User role admin :"+_principalProxy.isUserInRole("Admin"));
            System.out.println("User role admin :"+_principalProxy.isUserInRole("User"));
            return "SUCCESS";
        } catch (LoginException e) {
            e.printStackTrace();
        }
        return "ERROR";
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getUsername() {
        return userId;
    }

    public void setUsername(String userId) {
        this.userId = userId;
    }

    public byte[] getFoto() {
        return foto;
    }

    public void setFoto(byte[] foto) {
        this.foto = foto;
    }

    public void setPrincipalProxy(PrincipalProxy principalProxy)
    {
        System.out.println("principalProxy context set :"+principalProxy);
        _principalProxy = principalProxy;
    }

    public void setServletContext(ServletContext servletContext)
    {
        System.out.println("servletContext context set :"+servletContext);
        // Store the injected context (assign the parameter, not the field to itself)
        _servletContext = servletContext;
    }
}
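
Added example, not part of the original post: Struts2's PrincipalProxy delegates isUserInRole to the servlet request, so it reflects container-managed authentication, while a programmatic LoginContext.login() populates the Subject returned by loginContext.getSubject() (the lines commented out above). DemoModule, Role and rolesOf are constructed stand-ins for the JBoss login module and its principal classes, so the block runs on a plain JDK.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class SubjectRolesDemo {
    // Constructed stand-in for a role principal (hypothetical; JBoss uses its own classes).
    public static final class Role implements Principal {
        private final String name;
        public Role(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // Constructed login module: accepts any login and grants the role "Admin" on commit.
    public static class DemoModule implements LoginModule {
        private Subject subject;
        public void initialize(Subject s, CallbackHandler h,
                               Map<String, ?> shared, Map<String, ?> opts) { subject = s; }
        public boolean login() { return true; }
        public boolean commit() { subject.getPrincipals().add(new Role("Admin")); return true; }
        public boolean abort() { return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }

    // Role names carried by the Subject that the LoginContext populated.
    static Set<String> rolesOf(Subject subject) {
        Set<String> names = new TreeSet<>();
        for (Role r : subject.getPrincipals(Role.class)) names.add(r.getName());
        return names;
    }

    public static void main(String[] args) throws LoginException {
        // In-memory JAAS configuration instead of a login-config file.
        Configuration config = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    DemoModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    new HashMap<String, Object>()) };
            }
        };
        LoginContext lc = new LoginContext("userRolesTest", new Subject(), callbacks -> { }, config);
        lc.login();
        // The roles live on the Subject, not on the servlet request.
        System.out.println(rolesOf(lc.getSubject()));
    }
}
```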