1

I have created simple web application with JAAS auth, all works fine, but I need get user's roles list in the servlet, I get subject but it is not return any roles list and related principals. It return only first added principal? Why so?How get roles?

here my sources:

AccLoginModule.java

public class AccLoginModule implements LoginModule {
        public Subject subject;
        private CallbackHandler callbackHandler;
        private Map<String, ?> sharedState;
        private Map<String, ?> options;

        private AccPrincipal principal;
        private boolean committed = false;

        @Override
        public boolean abort() throws LoginException {
            System.out.println("abort");
            if (!committed)
                return false;
            if (principal != null) {
                logout();
                principal = null;
            }
            return true;
        }

        @Override
        public boolean commit() throws LoginException {
            try {
                if (subject.getPrincipals().size() == 0) {
                    subject.getPrincipals().add(new AccPrincipal("principal 1"));
                    subject.getPrincipals().add(new AccPrincipal("principal 2"));
                    subject.getPrincipals().add(new AccRole("Acc User"));
                    subject.getPrincipals().add(new AccRole("Acc User1"));
                }
                return true;
            } catch (Exception e) {
                e.printStackTrace();
                return false;
            }
        }

        @Override
        public boolean login() throws LoginException {
            // System.out.println("login");

            if (callbackHandler == null)
                throw new LoginException("No CallbackHandler specified");
            Callback callbacks[] = new Callback[2];
            callbacks[0] = new NameCallback("Username: ");
            callbacks[1] = new PasswordCallback("Password: ", false);

            // Interact with the user to retrieve the username and password
            String username = null;
            String password = null;
            try {
                callbackHandler.handle(callbacks);
                username = ((NameCallback) callbacks[0]).getName();
                password = new String(((PasswordCallback) callbacks[1]).getPassword());
                return true;
            } catch (Exception e) {
                throw new LoginException(e.toString());
            }
        }

        @Override
        public boolean logout() throws LoginException {
            System.out.println("logout");
            committed = false;
            subject.getPrincipals().remove(principal);

            return false;
        }

        @Override
        public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject;
            this.callbackHandler = callbackHandler;
            this.sharedState = sharedState;
            this.options = options;

        }

        public Subject getSubject() {
            return subject;
        }

        public void setSubject(Subject subject) {
            this.subject = subject;
        }

    }

AccPrincipal

public class AccPrincipal implements Principal, Serializable {

    /**
     * 
     */
    private static final long serialVersionUID = 5002820876845306935L;

    private final String  loginResponse;

    public AccPrincipal(String lr) {
        this.loginResponse=lr;
    }

    @Override
    public String getName() {
        return loginResponse;
    }

    public String getLoginResponse() {
        return loginResponse;
    }

    @Override
    public int hashCode() {
        final int prime = 31;
        int result = 1;
        result = prime * result + ((loginResponse == null) ? 0 : loginResponse.hashCode());
        return result;
    }

    @Override
    public boolean equals(Object obj) {
        if (this == obj)
            return true;
        if (obj == null)
            return false;
        if (getClass() != obj.getClass())
            return false;
        AccPrincipal other = (AccPrincipal) obj;
        if (loginResponse == null) {
            if (other.loginResponse != null)
                return false;
        } else if (!loginResponse.equals(other.loginResponse))
            return false;
        return true;
    }
}

AccRole

public class AccRole implements Principal, Serializable {

    /**
     * 
     */
    private static final long serialVersionUID = 2764250372647034496L;
    private String name;

    public AccRole(String name){
        this.name = name;
    }


    @Override
    public String getName() {
        return name;
    }


    public void setName(String name) {
        this.name = name;
    }


    @Override
    public int hashCode() {
        final int prime = 31;
        int result = 1;
        result = prime * result + ((name == null) ? 0 : name.hashCode());
        return result;
    }


    @Override
    public boolean equals(Object obj) {
        if (this == obj)
            return true;
        if (obj == null)
            return false;
        if (getClass() != obj.getClass())
            return false;
        AccRole other = (AccRole) obj;
        if (name == null) {
            if (other.name != null)
                return false;
        } else if (!name.equals(other.name))
            return false;
        return true;
    }


}

context.xml

<Context>
    <Realm className="org.apache.catalina.realm.JAASRealm" appName="acczk"
        userClassNames="com.laws.acc.jaas.AccPrincipal"
        roleClassNames="com.laws.acc.jaas.AccRole">
    </Realm>

</Context>

MyServlet.java

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
       final Subject subject = Subject.getSubject(AccessController.getContext());
       for (Principal princ : subject.getPrincipals()) {
           System.out.println(princ.getName());
       }
    }

Console:

09.04.2012 17:11:29 org.apache.catalina.startup.Catalina start
INFO: Server startup in 1385 ms
principal 1

How I can get all entity principals (principals+roles)? What I am doing wrong?

Akvel
  • 924
  • 1
  • 15
  • 32
  • I have added more code (Full list LoginModule,Principals) – Akvel Apr 10 '12 at 02:51
  • Why do you test `if (subject.getPrincipals().size() == 0)`? If you have modules chained together, the subject may already have Principals. Also can you try NOT adding "principal 2" and run a test? – Bruno Grieder Apr 10 '12 at 14:41
  • subject.getPrincipals().size() == 0 - I is just for test. Without "principal 2" - same result – Akvel Apr 11 '12 at 03:40

1 Answers1

1

Tomcat and Java EE in general doesn't work like that. You can't access the Subject in the way you are doing it.

See this answer for a full explanation: Tomcat-Jaas - How to retrieve subject?

Community
  • 1
  • 1
Arjan Tijms
  • 37,782
  • 12
  • 108
  • 140