0 Replies Latest reply on Apr 25, 2014 6:02 AM by musthafahcl

    securitycontext association to session in AS7 -Query

    musthafahcl

Hi

I am migrating an existing programmatic web login authentication process to the PicketBox module provided by AS7, i.e. picketbox-4.0.19.SP2-redhat-1.jar.

Below is the code that I am using to get authenticated and to associate the security context.


    import java.io.IOException;
    import java.security.Principal;

    import javax.security.auth.Subject;
    import javax.servlet.RequestDispatcher;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.jboss.security.AuthenticationManager;
    import org.jboss.security.SecurityContext;
    import org.jboss.security.SecurityContextAssociation;
    import org.jboss.security.SimplePrincipal;
    import org.picketbox.factories.SecurityFactory;

    public class LoginServlet extends HttpServlet {

        // Helper not shown in the original post; assumed to wrap the user name in a PicketBox principal.
        private Principal getPrincipal(String name) {
            return new SimplePrincipal(name);
        }

        public void doPost(HttpServletRequest request, HttpServletResponse response) {
            try {
                String securityDomainName = "MyJaas";
                SecurityContext securityContext = SecurityFactory.establishSecurityContext(securityDomainName);
                // PicketBox authentication starts
                SecurityFactory.prepare();
                try {
                    Subject subject = new Subject();
                    Principal principal = getPrincipal("Musthafa");
                    Object credential = new String("pwd");

                    AuthenticationManager am = securityContext.getAuthenticationManager();
                    if (am == null)
                        throw new RuntimeException("Authentication Manager is null");

                    // Runs the login modules of the "MyJaas" domain and fills the Subject on success
                    boolean result = am.isValid(principal, credential, subject);
                    if (!result)
                        throw new RuntimeException("Authentication Failed");

                    System.out.println("result... :" + result); // true
                    System.out.println("subject.getPrincipals().size()... :" + subject.getPrincipals().size()); // 2

                    // Attach the authenticated Subject to the PicketBox security context
                    securityContext.getUtil().createSubjectInfo(principal, credential, subject);

                    System.out.println("UserPrincipal" + securityContext.getUtil().getUserPrincipal()); // Musthafa
                    System.out.println("Subject info Role :" + securityContext.getSubjectInfo().getRoles()); // null
                    System.out.println("Authenticated Subject :" + securityContext.getSubjectInfo().getAuthenticatedSubject());
                    /* result of the above sop:
                       01:37:44,247 INFO  [stdout] (http-localhost/127.0.0.1:8080-1) Authenticated Subject :Subject:
                       01:37:44,247 INFO  [stdout] (http-localhost/127.0.0.1:8080-1)     Principal: Musthafa
                       01:37:44,247 INFO  [stdout] (http-localhost/127.0.0.1:8080-1)     Principal: Roles(members:MyUsers)
                    */

                    // Bind the context to the current thread
                    SecurityContextAssociation.setSecurityContext(securityContext);
                } catch (Exception exc) {
                    exc.printStackTrace();
                    System.out.println("JAAS Login failed: " + exc.getMessage());
                }

                // Forward to the next page, which is welcome.jsp
                RequestDispatcher dispatcher = request.getRequestDispatcher("/welcome.jsp");
                dispatcher.forward(request, response);
            } catch (ServletException e) {
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }


After this code is executed, the userPrincipal and Roles of the request/session variable are null.

The next page to be displayed is under an auth-constraint of "MyUsers" (configuration of web.xml), so the application displays the 403 page.

I am adding roles into the group in MyLoginModule.java.

Is anything missing to propagate the subject to the request/session? Let me know if any other info is required.

Thanks
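Added example, not code from the post or from PicketBox/AS7: the same login done through the Servlet 3.0 HttpServletRequest.login API, which hands authentication to the security domain the container already uses when it enforces web.xml constraints, and then verifies the result with the container's own getUserPrincipal/isUserInRole view. Assumed: the form fields j_username/j_password, that "MyJaas" is the domain bound to the web app in jboss-web.xml, and that JBoss Web caches the authenticated principal on the session that is current at login time.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example, not the original poster's code: Servlet 3.0 container login in place of a
// hand-built PicketBox SecurityContext, so the identity checked against web.xml
// <auth-constraint> is the one that was just authenticated.
public class ContainerLoginServlet extends HttpServlet {
    // Role named in the auth-constraint that protects welcome.jsp (from the post).
    private static final String PROTECTED_ROLE = "MyUsers";

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String user = request.getParameter("j_username"); // assumed form field names
        String pass = request.getParameter("j_password");
        // Session fixation defence: drop any pre-login session and start a fresh one BEFORE
        // login. Assumes JBoss Web caches the principal on the session current at login time,
        // which is what carries the identity over to the next request.
        HttpSession stale = request.getSession(false);
        if (stale != null) {
            stale.invalidate();
        }
        request.getSession(true);
        // Validates against the security domain bound to this web app (assumed "MyJaas" via
        // jboss-web.xml). Servlet 3.0 contract: failure throws ServletException and leaves
        // getUserPrincipal() null; success guarantees getUserPrincipal()/getRemoteUser() non-null.
        try {
            request.login(user, pass);
        } catch (ServletException failed) {
            // Generic status: do not reveal whether the user name or the password was wrong.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Fail closed if the authenticated user lacks the role the next page requires.
        if (!request.isUserInRole(PROTECTED_ROLE)) {
            request.logout();
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Redirect, not forward: a forward is not re-checked against security constraints, but
        // the browser's next GET is, so it proves the identity is attached to the session.
        response.sendRedirect(request.getContextPath() + "/welcome.jsp");
    }
}
```

The redirect is deliberate: a RequestDispatcher.forward is not re-evaluated against security constraints, so only the browser's follow-up request for /welcome.jsp shows whether the container still sees the authenticated principal.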