-
1. Re: Login-Principal is not propagated to Ejb's SessionContext
jaikiran Oct 12, 2011 2:32 AM (in response to didier2011)
What is the fully qualified package name of the @SecurityDomain annotation you are using? Also, how/where is the login being carried out?
-
2. Re: Login-Principal is not propagated to Ejb's SessionContext
didier2011 Oct 12, 2011 2:47 AM (in response to jaikiran)
The annotation package is: org.jboss.ejb3.annotation.SecurityDomain
What do you mean by "where is the login being carried out"? What do you need exactly?
-
3. Re: Login-Principal is not propagated to Ejb's SessionContext
jaikiran Oct 12, 2011 2:50 AM (in response to didier2011)
Dieter Tengelmann wrote:
What do you mean by "where is the login being carried out"? What do you need exactly?
Are you doing web based login (FORM, BASIC) or some kind of programmatic login to pass the user credentials?
-
4. Re: Login-Principal is not propagated to Ejb's SessionContext
didier2011 Oct 12, 2011 3:00 AM (in response to jaikiran)
It's a web-based login, via a form action in jsp:
<form name="login" action="j_security_check" method="POST">
in web.xml we've got:
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>login.jsp</form-login-page>
        <form-error-page>login-error.jsp</form-error-page>
    </form-login-config>
</login-config>
-
5. Re: Login-Principal is not propagated to Ejb's SessionContext
didier2011 Oct 13, 2011 11:41 AM (in response to didier2011)
Debugging showed that the security context is set and cleared in the same thread; after that, the anonymous principal is set:
SecurityContextAssociation.setSecurityContext(securityContextWithCorrectPrincipal)
after that
SecurityContextAssociation.clearSecurityContext();
after that
SecurityContextAssociation.setSecurityContext(securityContextWithAnonymousPrincipal)
Could this problem be introduced by fixing https://issues.jboss.org/browse/AS7-989?
-
6. Re: Login-Principal is not propagated to Ejb's SessionContext
anil.saldhana Oct 14, 2011 2:07 PM (in response to didier2011)
Dieter, let me add a test case to the testsuite and see what the problem may be.
-
7. Re: Login-Principal is not propagated to Ejb's SessionContext
anil.saldhana Oct 14, 2011 3:50 PM (in response to anil.saldhana)
I looked at the AS7 testsuite and I see that Carlo/Darran have a testcase to test the Servlet->EJB3 with the getCallerPrincipal usage. So this is being tested in our testsuite.
Links:
TestCase:
[Look for the testAuthentication_ViaServlet() method]
Servlet:
EJB3:
Running:
Running org.jboss.as.test.spec.ejb3.security.AuthenticationTestCase
Tests run: 19, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.52 sec
-
8. Re: Login-Principal is not propagated to Ejb's SessionContext
didier2011 Oct 14, 2011 10:13 PM (in response to anil.saldhana)
Hi Anil,
Thank you for checking the issue, but I tried to create a little ear file to demonstrate the problem, and I found that the missing propagation is related to the request that follows the authentication.
You need a loginModule for the security-domain myDomain; I tried it with org.jboss.security.auth.spi.DatabaseServerLoginModule,
but you can also reproduce the bug with the following security configuration:
<security-domain name="myDomain">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.IdentityLoginModule" flag="required">
            <module-option name="principal" value="admin"/>
            <module-option name="roles" value="superuser"/>
        </login-module>
    </authentication>
</security-domain>
Call principal-war/principalViewer,
log in as user admin with role superuser,
and you see after successful login that the ejb context is not aware of the freshly logged in principal in the following request.
My app is invalidating the session in this case...
-
principal-ear.ear 7.2 KB
-
sources.zip 1.6 KB
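A diagnostic for the symptom discussed in this thread, as an added example that is not part of the original posts, the attached archives, or the JBoss code base: a servlet that compares the web container's principal with the one the EJB sees on the same request. The class names WhoAmIBean and PrincipalCheckServlet and the /principalCheck mapping are hypothetical, and it assumes the URL is covered by a security-constraint in web.xml and that the WAR authenticates against the myDomain security domain.

```java
// File: WhoAmIBean.java (hypothetical name; added example, not from the thread)
import javax.annotation.Resource;
import javax.annotation.security.PermitAll;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import org.jboss.ejb3.annotation.SecurityDomain;

@Stateless
@SecurityDomain("myDomain") // domain name taken from the thread's configuration
@PermitAll // the check itself must be callable by any caller, authenticated or not
public class WhoAmIBean {
    @Resource
    private SessionContext ctx;

    /** Name of the caller as the EJB container sees it. */
    public String callerName() {
        return ctx.getCallerPrincipal().getName();
    }
}

// File: PrincipalCheckServlet.java (hypothetical name and URL mapping)
import java.io.IOException;
import java.security.Principal;
import javax.ejb.EJB;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/principalCheck") // assumed to sit behind a security-constraint in web.xml
public class PrincipalCheckServlet extends HttpServlet {
    @EJB
    private WhoAmIBean bean; // no-interface local view

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        Principal web = req.getUserPrincipal(); // set by the FORM login
        String webName = (web == null) ? null : web.getName();
        String ejbName = bean.callerName();
        boolean propagated = webName != null && webName.equals(ejbName);
        if (!propagated) {
            // Leaves a server-log trace for the failing request.
            log("Principal mismatch: web=" + webName + " ejb=" + ejbName);
        }
        resp.setContentType("text/plain");
        resp.getWriter().printf("web=%s ejb=%s propagated=%b%n", webName, ejbName, propagated);
    }
}
```

Request the URL right after logging in and again on a later request, since the thread reports the mismatch on the request that follows authentication.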
-
-
9. Re: Login-Principal is not propagated to Ejb's SessionContext
anil.saldhana Oct 18, 2011 5:40 PM (in response to didier2011)
My colleague Marcus has put in this pull request (https://github.com/jbossas/jboss-as/pull/452) which when pulled in JBoss AS master should resolve the issue you have. Marcus told me that he tested it successfully in his environment. So please wait a couple of days for it to be merged.
-
10. Re: Login-Principal is not propagated to Ejb's SessionContext
sergiu_pienar Mar 25, 2014 5:45 AM (in response to anil.saldhana)
Using JBoss 7.1.1 and having the same problem - was this fix included in JBoss 7.1.1?
Thanks