
EjbContext CallerPrincipal is always anonymous

jsofti Newbie

Hello,

 

We're trying to set up LDAP authentication with AS 7.1 and we need help.

 

We managed to authenticate against our LDAP server, but now we have the problem that when we call ejbContext.getCallerPrincipal().getName() the result is always "anonymous".

 

It seems that the login name isn't propagated correctly to the EjbContext, is that a bug or are we doing something wrong?

 

Thank you for any help.

 

 

               
      <!-- Security realms as posted: ManagementRealm and ApplicationRealm read users from
           properties files, TestRealm authenticates against LDAP.
           NOTE(review): security realms presumably protect the management and remoting
           interfaces, while the application login goes through a JAAS security-domain, so
           TestRealm may not take part in the web/EJB login at all; confirm. -->
      <security-realms>
            <security-realm name="ManagementRealm">
                <authentication>
                    <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
            </security-realm>
            <security-realm name="ApplicationRealm">
                <authentication>
                    <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
            </security-realm>
            <security-realm name="TestRealm">
                <authentication>
                    <!-- The URL scheme is ldap://, not ldaps://, so nothing on this line requests TLS;
                         unless the transport is protected elsewhere, bind credentials cross the
                         network in the clear.
                         NOTE(review): in the AS 7 schema the connection attribute presumably names an
                         outbound-connections entry rather than holding a URL; confirm. -->
                    <ldap connection="ldap://xxxxx:xxx" base-dn="ou=xxx,dc=dev,dc=xx">
                        <!-- {0} is the placeholder for the user name typed at login. -->
                        <advanced-filter filter="(sAMAccountName={0})"/>
                    </ldap>
                </authentication>
            </security-realm>
        </security-realms>
     ...
               <!-- JAAS security domain; the posted LoginController opens it by name with
                    new LoginContext("xxx_ldap_domain", handler).
                    NOTE(review): for the authenticated identity to reach EJBContext, the web
                    application and the EJBs presumably have to be bound to this domain and the
                    login has to go through the container; confirm against the AS 7.1 docs. -->
               <security-domain name="xxx_ldap_domain" cache-type="default">
                    <authentication>
                        <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
                            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                            <!-- Plain ldap:// combined with "simple" authentication below: the user's
                                 password is sent in the bind request without transport protection.
                                 NOTE(review): prefer ldaps:// or StartTLS for this URL. -->
                            <module-option name="java.naming.provider.url" value="ldap://xxxxx:xxx"/>
                            <module-option name="java.naming.security.authentication" value="simple"/>
                            <!-- NOTE(review): an LDAP simple bind with an empty password is an
                                 unauthenticated bind that a directory may accept; confirm the module's
                                 allowEmptyPasswords option is false. -->
                            <module-option name="searchTimeLimit" value="5000"/>
                            <!-- Presumably appended to the login name to form the bind principal
                                 (user@xxx); verify against the module documentation. -->
                            <module-option name="principalDNSuffix" value="@xxx"/>
                            <module-option name="searchScope" value="ONELEVEL_SCOPE"/>
                            <!-- NOTE(review): "realm" does not look like a documented LdapLoginModule
                                 option; verify that it has any effect here. -->
                            <module-option name="realm" value="TestRealm"/>
                        </login-module>
                    </authentication>
                </security-domain>

LoginController

 


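/**
 * Authenticates the user name and password held by this controller against the
 * {@code xxx_ldap_domain} JAAS configuration and, on success, redirects the
 * browser to {@code index.html}.
 *
 * <p>Every exception raised by the login or the redirect is logged and then
 * swallowed, so the caller always sees a normal return.
 *
 * <p>NOTE(review): nothing in this method hands the authenticated
 * {@code Subject} to the web or EJB container; the {@code LoginContext} is a
 * local object that is discarded when the method returns. That would be
 * consistent with {@code EJBContext.getCallerPrincipal()} still reporting the
 * unauthenticated identity afterwards. Container-managed authentication (for
 * example {@code HttpServletRequest.login} in Servlet 3.0) is the usual way to
 * establish the caller identity; confirm against the AS 7.1 documentation.
 */
public void doLogin() {
    // An LDAP simple bind with an empty password is an unauthenticated bind that
    // a directory may accept, so blank credentials are never forwarded to the
    // login module.
    if (this.userName == null || this.userName.isEmpty()
            || this.pass == null || this.pass.isEmpty()) {
        getLogger().debug("login rejected: empty user name or password");
        return;
    }

    try {
        CallbackHandler handler = new UserPassHandler(this.userName, this.pass);
        LoginContext lc = new LoginContext("xxx_ldap_domain", handler);
        getLogger().debug("login called");
        lc.login();
        // Log the principals only: Subject.toString() also renders the subject's
        // credential sets, which do not belong in a log file.
        getLogger().debug("login ok " + lc.getSubject().getPrincipals());

        FacesContext facesContext = FacesContext.getCurrentInstance();
        ExternalContext context = facesContext.getExternalContext();
        context.redirect("index.html");

        // Tell JSF that the response has already been produced by the redirect.
        facesContext.responseComplete();
    } catch (Exception e) {
        // Covers a rejected login as well as a failed redirect; the user gets no
        // feedback beyond staying on the current page.
        getLogger().fatal("Login failed", e);
    }
}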



/**
 * JAAS callback handler that answers name and password prompts with a fixed
 * user name and password supplied at construction time.
 *
 * <p>The password is kept as a {@code String} for the lifetime of the handler
 * and therefore cannot be wiped after use; each {@code PasswordCallback}
 * receives a fresh {@code char[]} copy of it.
 */
class UserPassHandler implements CallbackHandler {
    private final String user;
    private final String pass;

    /**
     * @param user the login name handed to every {@code NameCallback}
     * @param pass the password handed to every {@code PasswordCallback}
     */
    private UserPassHandler(String user, String pass) {
        this.user = user;
        this.pass = pass;
    }

    /**
     * Fills in each callback in array order.
     *
     * @param callbacks the prompts issued by the login module
     * @throws UnsupportedCallbackException on the first callback that is neither
     *         a {@code NameCallback} nor a {@code PasswordCallback}
     */
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName(user);
                continue;
            }
            if (callback instanceof PasswordCallback) {
                ((PasswordCallback) callback).setPassword(pass.toCharArray());
                continue;
            }
            // Anything else (text output, confirmation, ...) is rejected outright.
            throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
        }
    }

}

 

Sample call (EJB)

 

 


// EJB context injected through @Resource; logCaller() reads the caller principal from it.
@Resource

EJBContext ctx;



/**
 * Writes the name of the current EJB caller principal to the debug log.
 *
 * <p>Nothing is logged when the context returns no principal. In the setup
 * described on this page the logged name is always "anonymous".
 * NOTE(review): that presumably means no authenticated identity reached the
 * EJB container for this invocation; confirm how the caller logged in.
 */
public void logCaller() {
    final Principal caller = ctx.getCallerPrincipal();
    if (caller == null) {
        return;
    }
    getLogger().debug("ejbContext: " + caller.getName());
}