Discussion:
[jboss-user] [EJB3] - Custom principal is not propagated to ejb session context (resteasy3 + oauth)
Marcel Rovira
2013-07-05 08:36:17 UTC
Permalink
Marcel Rovira [https://community.jboss.org/people/marcel.rovira] created the discussion

"Custom principal is not propagated to ejb session context (resteasy3 + oauth)"

To view the discussion, visit: https://community.jboss.org/message/826545#826545

--------------------------------------------------------------
Hello,

I'm using resteasy 3.0.1 Final with oauth in JBoss 6.1 EAP and my custom principal class is not propagated to sessioncontext in an EJB3.
Oauth is configured as BearerTokenAuthenticator

My login-module configuration in standalone.xml to use extended login module

<login-module code="es.gc.epsilon.secure.api.shared.resources.MyDatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/EpsilonXADS"/>
<module-option name="principalsQuery" value="select PASSWORD from EP_USER where name=?"/>
<module-option name="rolesQuery" value="select ROLE_NAME, 'Roles' from EP_USER_ROLE where USER_NAME = ?"/>
<module-option name="hashAlgorithm" value="MD5"/>
<module-option name="hashEncoding" value="base64"/>
<module-option name="unauthenticatedIdentity" value="guest"/>
</login-module>

My DatabaseServerLoginModule:

public class MyDatabaseServerLoginModule extends DatabaseServerLoginModule {
  @Override
  protected java.security.Principal createIdentity(String username) throws Exception {
    System.out.println("createIdentity BEGIN");
    MyCustomPrincipal p = null;
    if (principalClassName == null) {
      p = new MyCustomPrincipal(username);
    } else {
      p = (MyCustomPrincipal) super.createIdentity(username);
    }
    return p;
  }
...

My custom principal

public class MyCustomPrincipal extends SimplePrincipal implements Serializable { 
  private static final long serialVersionUID = 1L;
  private String tenant;
  public MyCustomPrincipal(String name) {
    super(name);
    // TODO Auto-generated constructor stub
  }
...
 
My oauth server configuration:

*jboss-web.xml*
<jboss-web>
    <security-domain>java:/jaas/jaasEpsilon</security-domain>
    <valve>
        <class-name>org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve</class-name>
    </valve>
</jboss-web>

My api rest configuration project:

*web.xml*
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>jaasEpsilon</realm-name>
</login-config>
  <security-constraint>
  <web-resource-collection>
   <web-resource-name>All resources</web-resource-name>
   <description>Protects all resources</description>
   <url-pattern>/api/secure/*</url-pattern>
   <http-method>GET</http-method>
   <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
   <role-name>admin</role-name>
   <role-name>employee</role-name>
  </auth-constraint>
</security-constraint>

    <context-param>
      <param-name>resteasy.role.based.security</param-name>
      <param-value>true</param-value>
   </context-param>
  
*jboss-deployment-structure*

<jboss-deployment-structure>
    <deployment>
        <dependencies>
            <module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/>
            <module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>
            <module name="org.jboss.resteasy.skeleton-key"/>
        </dependencies>
    </deployment>
</jboss-deployment-structure>

*jboss-web.xml*
<jboss-web>
    <valve>
        <class-name>org.jboss.resteasy.skeleton.key.as7.BearerTokenAuthenticatorValve</class-name>
    </valve>
</jboss-web>

Loading...