Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-9213

module-option principalClass will be ignored

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 6.0.0.Final
    • Security
    • None

      I wrote a custom login module and configured it at login-config.xml as follows:

        <application-policy name="MyRealm">
    <authentication>
      <login-module code="com.example.MyLoginModule" flag="required">
	<module-option name="principalClass">com.example.UserPrincipal</module-option>
        <module-option name="debug">true</module-option>
      </login-module>
    </authentication>
  </application-policy>

      In a second step I wrote a simple JSF application that performs the login using HttpServletRequest.login() that works very well.
      Finally I used HttpServletRequest.getUserPrincipal() to retrieve the custom principal created during the login process.
      On JBoss I'll just get a JBoss internal org.jboss.security.SimplePrincipal and I have to use PolicyContext.getContext("javax.security.auth.Subject.container") to get the desired principal.

      The custom login module implements javax.security.auth.spi.LoginModule and is not derived from org.jboss.security.auth.spi.UsernamePasswordLoginModule since it should work on any JavaEE Container.
      As far as I understood the specification the element <module-option name="principalClass"> should be used to achieve this behavior.

              anil.saldhana Anil Saldanha (Inactive)
              feichtegegr Michael Feichtegger (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: