-
1. Re: Principal propagation from web to ejb
jaikiran Aug 5, 2011 11:11 PM (in response to jean.baldessar)Post the code which does the login. If it's container managed authentication then post the relevant configs.
-
2. Re: Principal propagation from web to ejb
jean.baldessar Aug 8, 2011 7:51 AM (in response to jaikiran)thanks for replying jaikiran pai.
I'm using a simple form based container authentication with JBoss DatabaseServerLoginModule.
The standanole looks like that:
<security-domain name="myDomain">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:/initium-ds1"/>
<module-option name="principalsQuery" value="select password, login from asdusuario where login = ?"/>
<module-option name="rolesQuery" value="SELECT 'admin' rolename, 'Roles' rolegroup from dual where ? is not null"/>
</login-module>
</authentication>
</security-domain>
The war/web-inf/jboss-web.xml:
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE jboss-web
PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
"http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
<jboss-web>
<security-domain>myDomain</security-domain>
</jboss-web>
The jar/meta-inf/jboss.xml:
<?xml version='1.0' encoding='UTF-8' ?>
<jboss>
<security-domain>myDomain</security-domain>
</jboss>
Some idea?
-
3. Re: Principal propagation from web to ejb
jean.baldessar Aug 8, 2011 8:40 AM (in response to jean.baldessar)One more information:
The same application works fine in JBoss 4.2.3.
Anyone else tested this in JBoss 7?
It only happens in my application?
thanks
-
4. Re: Principal propagation from web to ejb
jean.baldessar Aug 8, 2011 9:31 AM (in response to jean.baldessar)If it helps:
I made some tests and the same problem happens using the UsersRolesLoginModule.
It excludes my suspects that the problem was on the DatabaseServerLoginModule...
To me, it seems like a JBoss 7 bug, but it's too basic to that...
I would like to know if somebody already did a similar test.
thanks
-
5. Re: Principal propagation from web to ejb
jaikiran Aug 8, 2011 10:03 AM (in response to jean.baldessar)1 of 1 people found this helpful -
6. Re: Principal propagation from web to ejb
jean.baldessar Aug 8, 2011 1:01 PM (in response to jaikiran)Hi jaikiran pai, thanks for replying.
I've added the @org.jboss.ejb3.annotation.SecurityDomain annotation in my SSB and nothing changed.
I must have done something wrong.
My SSB now looks like that:
@Stateless
@SecurityDomain(value = "myDomain")
public class TesSSB implements ITestSSB{
@Resource private SessionContext ctx;
@Override
public void testLoggedUser(){
try {
System.out.println(ctx.getCallerPrincipal().getName());
} catch (Exception e) {
System.out.println("nobody");
}
}
}
the output still the same...
-
7. Re: Principal propagation from web to ejb
jean.baldessar Aug 8, 2011 2:39 PM (in response to jean.baldessar)it seems that the SecurityDomain doesn't affect my application. I put @DenyAll in the method but it still being executed. (with the same strange behaviour).
I must have done something wrong becouse it works for beckers.
Anyway, nobody misses the SessionContext.getCallerPrincipal() functionality?
-
8. Re: Principal propagation from web to ejb
jean.baldessar Aug 8, 2011 3:54 PM (in response to jaikiran)jeikiran pai,
I made a simple sample application to explain my problem and it worked.
Is seems that the problem its specific to my application.
I'll try to find the difference between my real application and the sample application.
When I find the problem i'll post it for the community
thanks for the help
-
9. Re: Principal propagation from web to ejb
jean.baldessar Aug 9, 2011 7:41 AM (in response to jaikiran)I found the problem!
I'm using JSF 1.2 and Richfaces 3.3.2.SR1.
I have the Richfaces filter configured in web.xml:
<filter>
<display-name>RichFaces Filter</display-name>
<filter-name>richfaces</filter-name>
<filter-class>org.ajax4jsf.Filter</filter-class>
</filter>
<filter-mapping>
<filter-name>richfaces</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
removing the Richfaces filter everything works fine. (excluding the Richfaces itself).
Now I need to find a way to use Richfaces without this problem.
Maybe a diferent version... some idea?
-
10. Re: Principal propagation from web to ejb
dlofthouse Aug 9, 2011 7:52 AM (in response to jean.baldessar)Is there any chance of uploading an app somewhere with Richfaces enabled that can reproduce this?
-
11. Re: Principal propagation from web to ejb
jean.baldessar Aug 9, 2011 7:59 AM (in response to dlofthouse)Hi Darran Lofthouse, yes, I'll make one example and post here later.
-
12. Re: Principal propagation from web to ejb
jean.baldessar Aug 11, 2011 8:28 AM (in response to dlofthouse)Here is an application that show my problem.
To deploy it in JBoss 7 you just have to create a security domain called 'myDomain' with your user and login.
The source code its inside the EAR.
To see the erros, follow the steps:
* acess the url localhost:8080/sampleweb/index.jsf
* do the login
* click a lot in the ajax button (30 to 50 times)
* look at the console window
The behavior is realy weird, sometimes you start clicking and everything works fine, but if you continue clicking, at some point, the thread that run the request starts to change, and then you got the authentication problem. After the thread change for the first time, is starts to run every request in a diferent thread, and then you got the error in 80% of the requests (even clicking in the non ajax button).
After some tests, I'm not sure anymore if the problem is realy with Richfaces, maybe it's a concurrent requests problem and the Richfaces just make possible to verify this. But as I said previously, removing the Richfaces filter everything seems to work fine. (excluding the Richfaces itself).
So, if you do that, the non ajax button will work fine, but the ajax button will stop working.
In my production application it happens without clicking a lot of times in an ajax button. It happens 90% of the time.
very strange and very unstable...
-
sampleear.ear 5.7 MB
-
-
13. Re: Principal propagation from web to ejb
dlofthouse Aug 9, 2011 12:12 PM (in response to jean.baldessar)1 of 1 people found this helpfulThank you for the deployment, I have now been able to reproduce this myself.
I am currently looking into the details but I do believe that this is showing a bug in AS7 - once I have the details clarified I will get the Jira issues raised and post them here.
-
14. Re: Principal propagation from web to ejb
jean.baldessar Aug 9, 2011 12:56 PM (in response to dlofthouse)Thanks Darren,
this is the only thing I need to migrate my application to AS7...
Hope for good news