I'm using JAAS for the very first time and spent a good half day trying to find a decent tutorial but can't. I can get the Authentication process working fine. I'm using JBOSS 4, and am using the JBOSS "DatabaseServerLoginModule" which will create a user principal and a role principal for me.
<application-policy name = "SSLogin">
<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag = "required">
<module-option name = "unauthenticatedIdentity">guest</module-option>
<module-option name = "dsJndiName">java:/jdbc/PostgresSS</module-option>
<module-option name = "principalsQuery">SELECT PASSWORD FROM SS_USER WHERE SS_USER_NAME=? AND ACTIVE_IND='true' AND DELETED_IND='false'</module-option>
<module-option name = "rolesQuery">SELECT ROLE_ID, 'Role' FROM SS_USER WHERE SS_USER_NAME=?</module-option>
I have created a custom CallBackHandler called PassiveCallbackHandler a side from that I created no other files, no policy files or user files. I'm strickly using the following code and it authenticates me fine.
ActionForward forward = null;
LoginForm loginForm = (LoginForm)form;
String username = loginForm.getUsername();
String password = loginForm.getPassword();
PassiveCallbackHandler pcbh = new PassiveCallbackHandler(username, password);
LoginContext lc = new LoginContext("SSLogin",pcbh);
forward = mapping.findForward("success");
catch (LoginException e)
forward = mapping.findForward("failure");
My question is after I've done this how do I access the principal throughout the application. Do I have to manually store the subject in the session? When I use HttpServletRequest.getUserPrincipal() I get null. When I use EJBContext.getPrincipal() i get anonymous.
I want to accomplish two goals.
1> I want to use Auditing in my CMP's and don't want to pass in a modified String, I'd like to use the getPrincipal().
2> I want to restrict certain pages of the site for particular roles. I'm using struts. I don't want a non manager typing in the url of a manager site. I have tried to find good explanations on the net but they are all either command line or very very simple and don't give complete examples.