Marcel Rovira
2013-07-05 08:36:17 UTC
Marcel Rovira [https://community.jboss.org/people/marcel.rovira] created the discussion
"Custom principal is not propagated to ejb session context (resteasy3 + oauth)"
To view the discussion, visit: https://community.jboss.org/message/826545#826545
--------------------------------------------------------------
Hello,
I'm using RESTEasy 3.0.1.Final with OAuth on JBoss EAP 6.1, and my custom principal class is not propagated to the SessionContext of an EJB3 bean.
OAuth is configured with the BearerTokenAuthenticator valve.
My login-module configuration in standalone.xml, which uses an extended login module:
<!-- Extended DatabaseServerLoginModule for the jaasEpsilon security domain;
     principals and roles are looked up with the two parameterized queries below. -->
<login-module code="es.gc.epsilon.secure.api.shared.resources.MyDatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/EpsilonXADS"/>
<module-option name="principalsQuery" value="select PASSWORD from EP_USER where name=?"/>
<module-option name="rolesQuery" value="select ROLE_NAME, 'Roles' from EP_USER_ROLE where USER_NAME = ?"/>
<!-- NOTE(review): MD5 is a weak password hash and no salting option is configured here.
     Moving to a salted, iterated scheme means re-hashing the stored passwords, so it is
     flagged rather than changed in this listing. -->
<module-option name="hashAlgorithm" value="MD5"/>
<module-option name="hashEncoding" value="base64"/>
<!-- NOTE(review): requests that present no credentials are still given a "guest"
     identity; confirm this is intended for an API protected by OAuth bearer tokens. -->
<module-option name="unauthenticatedIdentity" value="guest"/>
</login-module>
My DatabaseServerLoginModule:
public class MyDatabaseServerLoginModule extends DatabaseServerLoginModule {
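 /**
  * Builds the principal that represents {@code username} for this login module.
  *
  * When no {@code principalClassName} module option is configured, a
  * {@link MyCustomPrincipal} is created directly. Otherwise the superclass is
  * asked to instantiate the configured class and the result is checked to really
  * be a {@link MyCustomPrincipal} before it is returned. The original code cast
  * unconditionally, which would surface as a bare ClassCastException from inside
  * the JAAS login if the option named any other principal class.
  *
  * @param username the user name being authenticated (or the unauthenticated identity)
  * @return the principal for {@code username}
  * @throws Exception if the superclass cannot create the configured principal, or
  *                   if the configured class is not a {@link MyCustomPrincipal}
  */
 @Override
 protected java.security.Principal createIdentity(String username) throws Exception {
   // Debug trace from the original investigation; remove or route through the
   // module's logger once the propagation problem is resolved.
   System.out.println("createIdentity BEGIN");
   if (principalClassName == null) {
     return new MyCustomPrincipal(username);
   }
   java.security.Principal created = super.createIdentity(username);
   // A null result is passed through unchanged, exactly as the original cast did.
   if (created != null && !(created instanceof MyCustomPrincipal)) {
     // Name the misconfiguration instead of failing with a bare ClassCastException.
     throw new IllegalStateException("principalClassName option '" + principalClassName
         + "' must resolve to " + MyCustomPrincipal.class.getName()
         + " but produced " + created.getClass().getName());
   }
   return created;
 }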
...
My custom principal:
public class MyCustomPrincipal extends SimplePrincipal implements Serializable {
 private static final long serialVersionUID = 1L;
 private String tenant;
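 /**
  * Creates a principal with the given name and no tenant.
  *
  * The {@code tenant} field is not populated here; whatever sets it is outside
  * this excerpt, so until then the tenant is {@code null} when the principal is
  * propagated. (The IDE-generated "TODO Auto-generated constructor stub" marker
  * is dropped: the constructor is complete.)
  *
  * @param name the user name, passed through to {@link SimplePrincipal}
  */
 public MyCustomPrincipal(String name) {
   super(name);
 }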
...
Â
My OAuth server configuration:
*jboss-web.xml*
<!-- OAuth authorization-server deployment: explicitly bound to the jaasEpsilon
     security domain and fronted by the skeleton-key auth-server valve. -->
<jboss-web>
   <security-domain>java:/jaas/jaasEpsilon</security-domain>
   <valve>
       <class-name>org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve</class-name>
   </valve>
</jboss-web>
My REST API project configuration:
*web.xml*
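<login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>jaasEpsilon</realm-name>
</login-config>
<!-- Protect every HTTP method under /api/secure/*. The original listed only GET and
     POST in the web-resource-collection; per the Servlet spec an explicit
     <http-method> list constrains ONLY those methods, so PUT, DELETE and any other
     method on the same URLs were left without an auth-constraint. Omitting
     <http-method> makes the constraint apply to all methods, which is the only
     option on Servlet 3.0 (EAP 6.1), where <deny-uncovered-http-methods/> does not
     yet exist. -->
 <security-constraint>
 <web-resource-collection>
  <web-resource-name>All resources</web-resource-name>
  <description>Protects all resources</description>
  <url-pattern>/api/secure/*</url-pattern>
 </web-resource-collection>
 <auth-constraint>
  <role-name>admin</role-name>
  <role-name>employee</role-name>
 </auth-constraint>
</security-constraint>
<!-- Enables RESTEasy's enforcement of @RolesAllowed/@PermitAll/@DenyAll on resource methods. -->
   <context-param>
     <param-name>resteasy.role.based.security</param-name>
     <param-value>true</param-value>
  </context-param>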
 Â
*jboss-deployment-structure*
<!-- Module dependencies for the REST API deployment. The two RESTEasy modules import
     their services (providers); skeleton-key is only added to the class path, which is
     what its valve classes referenced from jboss-web.xml need. -->
<jboss-deployment-structure>
   <deployment>
       <dependencies>
           <module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/>
           <module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
           <module name="org.jboss.resteasy.skeleton-key"/>
       </dependencies>
   </deployment>
</jboss-deployment-structure>
*jboss-web.xml*
<!-- REST API deployment: bearer-token valve only.
     NOTE(review): unlike the auth-server jboss-web.xml above, no <security-domain> is
     declared here, so this deployment presumably falls back to the container's default
     security domain rather than jaasEpsilon; <realm-name> in web.xml does not select a
     domain. Confirm this is intended, as it is a likely reason the identity seen by the
     EJB differs from the one the login module creates. -->
<jboss-web>
   <valve>
       <class-name>org.jboss.resteasy.skeleton.key.as7.BearerTokenAuthenticatorValve</class-name>
   </valve>
</jboss-web>
"Custom principal is not propagated to ejb session context (resteasy3 + oauth)"
To view the discussion, visit: https://community.jboss.org/message/826545#826545
--------------------------------------------------------------
Hello,
I'm using RESTEasy 3.0.1.Final with OAuth on JBoss EAP 6.1, and my custom principal class is not propagated to the SessionContext of an EJB3 bean.
OAuth is configured with the BearerTokenAuthenticator valve.
My login-module configuration in standalone.xml, which uses an extended login module:
<!-- Extended DatabaseServerLoginModule for the jaasEpsilon security domain;
     principals and roles are looked up with the two parameterized queries below. -->
<login-module code="es.gc.epsilon.secure.api.shared.resources.MyDatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/EpsilonXADS"/>
<module-option name="principalsQuery" value="select PASSWORD from EP_USER where name=?"/>
<module-option name="rolesQuery" value="select ROLE_NAME, 'Roles' from EP_USER_ROLE where USER_NAME = ?"/>
<!-- NOTE(review): MD5 is a weak password hash and no salting option is configured here.
     Moving to a salted, iterated scheme means re-hashing the stored passwords, so it is
     flagged rather than changed in this listing. -->
<module-option name="hashAlgorithm" value="MD5"/>
<module-option name="hashEncoding" value="base64"/>
<!-- NOTE(review): requests that present no credentials are still given a "guest"
     identity; confirm this is intended for an API protected by OAuth bearer tokens. -->
<module-option name="unauthenticatedIdentity" value="guest"/>
</login-module>
My DatabaseServerLoginModule:
public class MyDatabaseServerLoginModule extends DatabaseServerLoginModule {
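 /**
  * Builds the principal that represents {@code username} for this login module.
  *
  * When no {@code principalClassName} module option is configured, a
  * {@link MyCustomPrincipal} is created directly. Otherwise the superclass is
  * asked to instantiate the configured class and the result is checked to really
  * be a {@link MyCustomPrincipal} before it is returned. The original code cast
  * unconditionally, which would surface as a bare ClassCastException from inside
  * the JAAS login if the option named any other principal class.
  *
  * @param username the user name being authenticated (or the unauthenticated identity)
  * @return the principal for {@code username}
  * @throws Exception if the superclass cannot create the configured principal, or
  *                   if the configured class is not a {@link MyCustomPrincipal}
  */
 @Override
 protected java.security.Principal createIdentity(String username) throws Exception {
   // Debug trace from the original investigation; remove or route through the
   // module's logger once the propagation problem is resolved.
   System.out.println("createIdentity BEGIN");
   if (principalClassName == null) {
     return new MyCustomPrincipal(username);
   }
   java.security.Principal created = super.createIdentity(username);
   // A null result is passed through unchanged, exactly as the original cast did.
   if (created != null && !(created instanceof MyCustomPrincipal)) {
     // Name the misconfiguration instead of failing with a bare ClassCastException.
     throw new IllegalStateException("principalClassName option '" + principalClassName
         + "' must resolve to " + MyCustomPrincipal.class.getName()
         + " but produced " + created.getClass().getName());
   }
   return created;
 }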
...
My custom principal:
public class MyCustomPrincipal extends SimplePrincipal implements Serializable {
 private static final long serialVersionUID = 1L;
 private String tenant;
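 /**
  * Creates a principal with the given name and no tenant.
  *
  * The {@code tenant} field is not populated here; whatever sets it is outside
  * this excerpt, so until then the tenant is {@code null} when the principal is
  * propagated. (The IDE-generated "TODO Auto-generated constructor stub" marker
  * is dropped: the constructor is complete.)
  *
  * @param name the user name, passed through to {@link SimplePrincipal}
  */
 public MyCustomPrincipal(String name) {
   super(name);
 }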
...
Â
My OAuth server configuration:
*jboss-web.xml*
<!-- OAuth authorization-server deployment: explicitly bound to the jaasEpsilon
     security domain and fronted by the skeleton-key auth-server valve. -->
<jboss-web>
   <security-domain>java:/jaas/jaasEpsilon</security-domain>
   <valve>
       <class-name>org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve</class-name>
   </valve>
</jboss-web>
My REST API project configuration:
*web.xml*
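<login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>jaasEpsilon</realm-name>
</login-config>
<!-- Protect every HTTP method under /api/secure/*. The original listed only GET and
     POST in the web-resource-collection; per the Servlet spec an explicit
     <http-method> list constrains ONLY those methods, so PUT, DELETE and any other
     method on the same URLs were left without an auth-constraint. Omitting
     <http-method> makes the constraint apply to all methods, which is the only
     option on Servlet 3.0 (EAP 6.1), where <deny-uncovered-http-methods/> does not
     yet exist. -->
 <security-constraint>
 <web-resource-collection>
  <web-resource-name>All resources</web-resource-name>
  <description>Protects all resources</description>
  <url-pattern>/api/secure/*</url-pattern>
 </web-resource-collection>
 <auth-constraint>
  <role-name>admin</role-name>
  <role-name>employee</role-name>
 </auth-constraint>
</security-constraint>
<!-- Enables RESTEasy's enforcement of @RolesAllowed/@PermitAll/@DenyAll on resource methods. -->
   <context-param>
     <param-name>resteasy.role.based.security</param-name>
     <param-value>true</param-value>
  </context-param>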
 Â
*jboss-deployment-structure*
<!-- Module dependencies for the REST API deployment. The two RESTEasy modules import
     their services (providers); skeleton-key is only added to the class path, which is
     what its valve classes referenced from jboss-web.xml need. -->
<jboss-deployment-structure>
   <deployment>
       <dependencies>
           <module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/>
           <module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
           <module name="org.jboss.resteasy.skeleton-key"/>
       </dependencies>
   </deployment>
</jboss-deployment-structure>
*jboss-web.xml*
<!-- REST API deployment: bearer-token valve only.
     NOTE(review): unlike the auth-server jboss-web.xml above, no <security-domain> is
     declared here, so this deployment presumably falls back to the container's default
     security domain rather than jaasEpsilon; <realm-name> in web.xml does not select a
     domain. Confirm this is intended, as it is a likely reason the identity seen by the
     EJB differs from the one the login module creates. -->
<jboss-web>
   <valve>
       <class-name>org.jboss.resteasy.skeleton.key.as7.BearerTokenAuthenticatorValve</class-name>
   </valve>
</jboss-web>