narkive

unknown

1970-01-01 00:00:00 UTC

@Resource(name = "sessionContext")
private SessionContext sctx;
...
Principal principal = sctx.getCallerPrincipal();

if (!(principal instanceof MyCustomPrincipal)) {
System.out.println("I expected a " + MyCustomPrincipal.class.getName() + " but got a "
+ principal.getClass().getName() + " instead !!!!!!");

and the result is:

I expected a es.gc.epsilon.secure.api.shared.resources.MyCustomPrincipal but got a org.jboss.resteasy.skeleton.key.SkeletonKeyPrincipal instead

Is this a bug, is there another way to retrieve the caller principal, is there any wrong configuration?

Thanks.
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/826545#826545]

Start a new discussion in EJB3 at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2029]

------=_Part_801761_1471734219.1373013377839
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">

<div>
<table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>

<td>

<table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
<h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">



<a href="https://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
</td>

</tr>
<tr>
<td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
Custom principal is not propagated to ejb session context (resteasy3 + oauth)
</h3>

created by <a href="https://community.jboss.org/people/marcel.rovira">Marcel Rovira</a> in EJB3 - <a href="https://community.jboss.org/message/826545#826545">View the full discussion</a> <hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;"> <div class="jive-rendered-content">Hello, I'm using resteasy 3.0.1 Final with oauth in JBoss 6.1 EAP and my custom principal class is not propagated to sessioncontext in an EJB3. Oauth is configured as BearerTokenAuthenticator My login-module configuration in standalone.xml to use extended login module <login-module code="es.gc.epsilon.secure.api.shared.resources.MyDatabaseServerLoginModule" flag="required"> <module-option name="dsJndiName" value="java:jboss/datasources/EpsilonXADS"/> <module-option name="principalsQuery" value="select PASSWORD from EP_USER where name=?"/> <module-option name="rolesQuery" value="select ROLE_NAME, 'Roles' from EP_USER_ROLE where USER_NAME = ?"/> <module-option name="hashAlgorithm" value="MD5"/> <module-option name="hashEncoding" value="base64"/> <module-option name="unauthenticatedIdentity" value="guest"/> </login-module> My DatabaseServerLoginModule: public class MyDatabaseServerLoginModule extends DatabaseServerLoginModule {  @Override   protected java.security.Principal createIdentity(String username) throws Exception {    System.out.println("createIdentity BEGIN");    MyCustomPrincipal p = null;     if (principalClassName == null) {       p = new MyCustomPrincipal(username);     } else {       p = (MyCustomPrincipal) super.createIdentity(username);     }    return p;   } ... My custom principal public class MyCustomPrincipal extends SimplePrincipal implements Serializable {    private static final long serialVersionUID = 1L;  private String tenant;  public MyCustomPrincipal(String name) {     super(name);     // TODO Auto-generated constructor stub   } ...   My oauth server configuration: jboss-web.xml <jboss-web>     <security-domain>java:/jaas/jaasEpsilon</security-domain>     <valve>         <class-name>org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve</class-name>     </valve> </jboss-web> My api rest configuration project: web.xml <login-config>   <auth-method>BASIC</auth-method>   <realm-name>jaasEpsilon</realm-name> </login-config>  <security-constraint>   <web-resource-collection>    <web-resource-name>All resources</web-resource-name>    <description>Protects all resources</description>    <url-pattern>/api/secure/*</url-pattern>    <http-method>GET</http-method>    <http-method>POST</http-method>   </web-resource-collection>   <auth-constraint>    <role-name>admin</role-name>    <role-name>employee</role-name>   </auth-constraint> </security-constraint>     <context-param>       <param-name>resteasy.role.based.security</param-name>       <param-value>true</param-value>    </context-param>    jboss-deployment-structure <jboss-deployment-structure>     <deployment>         <dependencies>             <module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/>             <module name="org.jboss.resteasy.resteasy-jackson-provider" services="import"/>             <module name="org.jboss.resteasy.skeleton-key"/>         </dependencies>     </deployment> </jboss-deployment-structure> jboss-web.xml <jboss-web>     <valve>         <class-name>org.jboss.resteasy.skeleton.key.as7.BearerTokenAuthenticatorValve</class-name>     </valve> </jboss-web>