struts-user mailing list archives

From "Mark Benussi" <>
Subject Re: My first JAAS implementation. A few questions.
Date Mon, 08 Aug 2005 20:43:21 GMT
Oh I see so if I added other properties to my Principal like their proper 
name I would lose that. Understood but not a problem as I have a session 
class for that kind of detail.

Thanks for your info though.... much appreciated.

----Original Message Follows----
From: Adam Hardy <>
Reply-To: "Struts Users Mailing List" <>
To: Struts Users Mailing List <>
Subject: Re: My first JAAS implementation. A few questions.
Date: Mon, 08 Aug 2005 19:57:12 +0100

Hi Mark,

this wasn't really Struts but here goes anyway since I happen to know.

If you are using container-managed security in Tomcat, then you should be 
aware that Tomcat has not implemented a pathway between JAAS and the session 
which provides any more than the transfer of the username and the roles.

Whatever else you put in your principal is discarded.

I am not sure why you are losing your roles as well. I have completely 
different code for a JBoss implementation.

Mark Benussi on 08/08/05 19:24, wrote:
>I am implementing my first JAAS implementation and have some
>Firstly my commit method of my LoginModule does the following (User and 
>both implement Principal)
>// Create a new User Principal with the user name retrieved from the
>User user = new User(username);
>// Add the principal to the subject
>for (int i = 0; i < roles.length; i++) {
>    // Iterate the role names retrieved from the database lookup
>    String roleName = roles[i];
>    // Create a new Role Principal with the role name
>    Role role = new Role(roleName);
>    // Add it to the public credentials to see if it works
>    subject.getPublicCredentials().add(role);
>    // Add it to the private credentials to see if it works
>    subject.getPrivateCredentials().add(role);
>}
>return true;
>In the JSP that the application returns to after doing form based
>authentication the following occurs
><p>Subject = <%= Subject.getSubject(AccessController.getContext()) %></p>
><p>Remote User = <%= request.getRemoteUser() %></p>
><p>User Prinicipal = <%= request.getUserPrincipal() %></p>
>But this produces
>Subject = null
>Remote User = administrator
>User Prinicipal = GenericPrincipal[administrator()]
>Why is the subject null please?
>The request.isUserInRole() methods for the role names I added to the 
>also return false... has anyone got some helpful ideas please?
>If more source is needed I can gladly provide it if it will help
>To unsubscribe, e-mail:
>For additional commands, e-mail:
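
An added example, not code from either poster or from Tomcat: Tomcat's JAASRealm builds the request principal only from `Subject.getPrincipals()`, classifying entries by the classes named in its `userClassNames` and `roleClassNames` attributes, so roles stored in the credential sets are never seen. The sketch below models that mapping in a simplified form; the `User` and `Role` records stand in for the poster's classes, the role names are constructed, and the line adding the user principal is an assumption because it is missing from the quoted code.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.Subject;

public class PrincipalMappingDemo {
    // Stand-ins for the poster's User and Role classes (both implement Principal).
    record User(String name) implements Principal { public String getName() { return name; } }
    record Role(String name) implements Principal { public String getName() { return name; } }

    // Simplified model of the container side (not Tomcat's code): only
    // getPrincipals() is read and each entry is classified by its class.
    // Public and private credentials are never consulted.
    static String mapToContainerPrincipal(Subject subject) {
        String user = null;
        List<String> roles = new ArrayList<>();
        for (Principal p : subject.getPrincipals()) {
            if (p instanceof User && user == null) user = p.getName();
            else if (p instanceof Role) roles.add(p.getName());
        }
        return user == null ? null : user + roles;
    }

    // commit() as posted: the roles go into the credential sets.
    static Subject commitAsPosted(String username, String[] roleNames) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new User(username)); // assumed; cut off in the post
        for (String r : roleNames) {
            subject.getPublicCredentials().add(new Role(r));
            subject.getPrivateCredentials().add(new Role(r));
        }
        return subject;
    }

    // Variant: the roles are added as principals, where the realm looks for them.
    static Subject commitWithRolePrincipals(String username, String[] roleNames) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new User(username));
        for (String r : roleNames) subject.getPrincipals().add(new Role(r));
        return subject;
    }

    public static void main(String[] args) {
        String[] roles = {"admin", "editor"}; // constructed sample role names
        System.out.println(mapToContainerPrincipal(commitAsPosted("administrator", roles)));
        System.out.println(mapToContainerPrincipal(commitWithRolePrincipals("administrator", roles)));
    }
}
```

The first call yields a user with an empty role list, the same shape as the `GenericPrincipal[administrator()]` output in the post; the second carries the roles through.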
