1 Reply Latest reply: Oct 16, 2011 5:05 PM by topcoder1 zaier

JBOSS Portal Security

topcoder1 zaier Newbie

Hello,

1) After authentication by a JAAS login (it's a developed module), I tried to find the Subject object, but I get a null value:

    String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";
    Subject caller = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);

2) When I tried to get the request object like this:

    HttpServletRequest request = (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest");

- getUserPrincipal().getName() = value not null but roles are null

Could you help me?
Thanks

  • 1. Re: JBOSS Portal Security
    topcoder1 zaier Newbie

    I resolved this problem in 2009; the answer was:

    In the authentication module:
    ---------------------------------------

        String WEB_REQUEST_KEY = "javax.servlet.http.HttpServletRequest";
        HttpServletRequest request;
        String j_role = null;
        String j_user = null;
        String j_password = null;
        try {
            // Fetch the current web request from the JACC policy context
            request = (HttpServletRequest) PolicyContext.getContext(WEB_REQUEST_KEY);

            // Read the login form fields
            j_role = request.getParameter("j_role");
            j_user = request.getParameter("j_username");
            j_password = request.getParameter("j_password");
            this.callbackHandler = new customCallbackHandler(j_user, j_password, j_role);
        } catch (PolicyContextException e) {
            throw new FailedLoginException("Technical Error");
        }

    In the customCallbackHandler class:
    ------------------------------------------------------

        public class customCallbackHandler implements CallbackHandler {
            // ... (fields and constructor elided in the original post)

            @Override
            public void handle(Callback[] callbacks) throws IOException,
                    UnsupportedCallbackException {

                for (int i = 0; i < callbacks.length; i++) {
                    if (callbacks[i] instanceof TextOutputCallback) {

                        // display the message according to the specified type
                        TextOutputCallback toc = (TextOutputCallback) callbacks[i];
                        switch (toc.getMessageType()) {
                        case TextOutputCallback.INFORMATION:
                            System.out.println(toc.getMessage());
                            break;
                        case TextOutputCallback.ERROR:
                            System.out.println("ERROR: " + toc.getMessage());
                            break;
                        case TextOutputCallback.WARNING:
                            System.out.println("WARNING: " + toc.getMessage());
                            break;
                        default:
                            throw new IOException("Unsupported message type: "
                                    + toc.getMessageType());
                        }

                    } else if (callbacks[i] instanceof TextInputCallback) {

                        // supply the role held by this handler as the text input
                        TextInputCallback tic = (TextInputCallback) callbacks[i];
                        tic.setText(role);

                    } else if (callbacks[i] instanceof NameCallback) {

                        // supply the username held by this handler
                        NameCallback nc = (NameCallback) callbacks[i];
                        nc.setName(username);

                    } else if (callbacks[i] instanceof PasswordCallback) {

                        // supply the password held by this handler
                        PasswordCallback pc = (PasswordCallback) callbacks[i];
                        pc.setPassword(password.toCharArray());

                    } else {
                        throw new UnsupportedCallbackException(callbacks[i],
                                "Unrecognized Callback");
                    }
                }
            }
        }

    In the view class:
    --------------------------

        public boolean isUserInRoleAdministrator() {
            FacesContext ctx = FacesContext.getCurrentInstance();
            Object request = ctx.getExternalContext().getRequest();
            // The role list is read from the session, whichever request type JSF is running under
            if (request instanceof RenderRequest) {
                List<String> roles = (List<String>) ((RenderRequest) request).getPortletSession(false).getAttribute("roles");
                if (null != roles)
                    return roles.contains(ADMINISTRATOR);
            } else if (request instanceof HttpServletRequest) {
                List<String> roles = (List<String>) ((HttpServletRequest) request).getSession(false).getAttribute(ATTRIBUTE_ROLES);
                if (null != roles)
                    return roles.contains(ADMINISTRATOR);
            } else if (request instanceof ResourceRequest) {
                List<String> roles = (List<String>) ((ResourceRequest) request).getPortletSession().getAttribute("roles");
                if (null != roles)
                    return roles.contains(ADMINISTRATOR);
            }
            // No role list available: not an administrator
            return false;
        }

        public String getUserConnected() {
            if (null != FacesContext.getCurrentInstance().getExternalContext() && null != FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal())
                return FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal().getName();
            else
                return null;
        }
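
An added example, not part of the original post or of JBoss code: the module above takes `j_role` from a request parameter and hands it to the callback handler, so this shows the role step of a login module accepting that value only when it matches a server-side grant. The class name, the `GRANTS` map and the user names are constructed assumptions; it uses only `javax.security.auth` and needs Java 9+.

```java
import java.util.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.FailedLoginException;

public class RequestedRoleCheck {
    // Constructed server-side grants (assumption); a real module would query its user store.
    static final Map<String, Set<String>> GRANTS = Map.of(
            "alice", Set.of("Administrator", "User"),
            "bob", Set.of("User"));

    // Stand-in for the post's handler: answers callbacks with the login form values.
    static CallbackHandler formHandler(String user, String role) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof TextInputCallback) ((TextInputCallback) cb).setText(role);
                else throw new UnsupportedCallbackException(cb, "Unrecognized Callback");
            }
        };
    }

    // Role step of a login module, assumed to run after the password check has succeeded.
    static Set<String> resolveRoles(CallbackHandler handler) throws Exception {
        NameCallback nc = new NameCallback("username: ");
        TextInputCallback tic = new TextInputCallback("role: ");
        handler.handle(new Callback[] { nc, tic });
        String user = nc.getName();
        String role = tic.getText();
        // Missing form parameters arrive as null; reject before any lookup.
        if (user == null || role == null) {
            throw new FailedLoginException("Missing user or role");
        }
        // j_role may only select a role the server already grants to this user.
        if (!GRANTS.getOrDefault(user, Set.of()).contains(role)) {
            throw new FailedLoginException("Role not granted");
        }
        return Set.of(role);
    }

    public static void main(String[] args) throws Exception {
        System.out.println(resolveRoles(formHandler("alice", "Administrator")));
        try {
            resolveRoles(formHandler("bob", "Administrator"));
        } catch (FailedLoginException e) {
            System.out.println("bob rejected: " + e.getMessage());
        }
    }
}
```

The set returned by `resolveRoles` is what the module would then attach to the Subject or store as the session's `roles` attribute that the view class reads.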