[RESOLVED] JAAS + Filter + JBoss 6.1 - Null user

3 replies
L

Good afternoon, everyone,

I'm having trouble configuring JAAS + JBoss 6.1. The login process succeeds, but when the request reaches the filter after login, the user is null:

SecurityAssociation.getPrincipal()

The code above returns null.

Any tips, folks?

My full configuration follows below.

Filter:
package br.com.lugarcerto.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.jboss.security.SecurityAssociation;

public class LoginFilter implements Filter {

	@Override
	public void destroy() {
		// TODO Auto-generated method stub

	}

	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		String userName = SecurityAssociation.getPrincipal().getName();

		System.out.println("Yeeey! Get me here and find me in the database: "
				+ userName);

		chain.doFilter(request, response);
	}

	@Override
	public void init(FilterConfig arg0) throws ServletException {
		// TODO Auto-generated method stub

	}

}
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
  <display-name>sample project</display-name>
  <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.jsf</url-pattern>
  </servlet-mapping>
  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>
  <error-page>
    <error-code>404</error-code>
    <location>/faces/error.xhtml</location>
  </error-page>
  <error-page>
    <error-code>500</error-code>
    <location>/faces/error.xhtml</location>
  </error-page>
  
  <!-- Protected Areas -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Usuarios</web-resource-name>
            <url-pattern>/usuario/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ROLE_USUARIO</role-name>
        </auth-constraint>
    </security-constraint>
    
     <!-- Validation By Form -->
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/cadastro/cadastro.jsf</form-login-page>
            <form-error-page>/error/acessonegado.jsf</form-error-page>
        </form-login-config>
    </login-config>
    
     <!-- Allowed Roles -->
    <security-role>
        <role-name>ROLE_USUARIO</role-name>
    </security-role>
    
    <!-- Filter to get the user name and work with it -->
    <filter>
        <filter-name>LoginFilter</filter-name>
        <filter-class>br.com.lugarcerto.filter.LoginFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>LoginFilter</filter-name>
        <url-pattern>/usuario/*</url-pattern>
    </filter-mapping>
</web-app>
My jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <!-- Links with JBoss the Realm to use -->
    <security-domain>java:/jaas/login-lugar-certo</security-domain>
</jboss-web>
My login-config.xml
<application-policy name="login-lugar-certo">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="dsJndiName">java:/lugarcerto</module-option>
            <module-option name="principalsQuery">SELECT U.SENHA FROM USUARIO U WHERE U.EMAIL=?</module-option>
            <module-option name="rolesQuery">SELECT P.DS_PERFIL, 'Roles' FROM USUARIO U
    		 INNER JOIN PERFIL P ON U.PERFIL_ID_PERFIL = P.ID_PERFIL WHERE U.EMAIL=?</module-option>
	    <!--<module-option name ="hashAlgorithm">md5</module-option>-->
        </login-module>
    </authentication>
</application-policy>

JBoss log during the login process:

13:24:45,807 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /lugarcerto/usuario/j_security_check
13:24:45,809 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authenticating username '[email removido]'
13:24:45,811 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] Begin isValid, principal:[email removido], cache info: null
13:24:45,811 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] defaultLogin, principal=[email removido]
13:24:45,812 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(login-lugar-certo), size=12
13:24:45,813 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(login-lugar-certo), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=principalsQuery, value=SELECT U.SENHA FROM USUARIO U WHERE U.EMAIL=?
name=dsJndiName, value=java:/lugarcerto
name=rolesQuery, value=SELECT P.DS_PERFIL, 'Roles' FROM USUARIO U
    		 INNER JOIN PERFIL P ON U.PERFIL_ID_PERFIL = P.ID_PERFIL WHERE U.EMAIL=?

13:24:45,819 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
13:24:45,819 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Security domain: login-lugar-certo
13:24:45,820 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/lugarcerto
13:24:45,820 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=SELECT U.SENHA FROM USUARIO U WHERE U.EMAIL=?
13:24:45,820 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=SELECT P.DS_PERFIL, 'Roles' FROM USUARIO U
    		 INNER JOIN PERFIL P ON U.PERFIL_ID_PERFIL = P.ID_PERFIL WHERE U.EMAIL=?
13:24:45,820 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendResume=true
13:24:45,821 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
13:24:45,821 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
13:24:45,822 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT U.SENHA FROM USUARIO U WHERE U.EMAIL=?, with username: [email removido]
13:24:45,823 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Obtained user password
13:24:45,823 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
13:24:45,824 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User '[email removido]' authenticated, loginOk=true
13:24:45,824 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
13:24:45,824 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] getRoleSets using rolesQuery: SELECT P.DS_PERFIL, 'Roles' FROM USUARIO U
    		 INNER JOIN PERFIL P ON U.PERFIL_ID_PERFIL = P.ID_PERFIL WHERE U.EMAIL=?, username: [email removido]
13:24:45,832 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
13:24:45,833 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT P.DS_PERFIL, 'Roles' FROM USUARIO U
    		 INNER JOIN PERFIL P ON U.PERFIL_ID_PERFIL = P.ID_PERFIL WHERE U.EMAIL=?, with username: [email removido]
13:24:45,836 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role ROLE_USUARIO
13:24:45,836 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
13:24:45,838 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] defaultLogin, lc=javax.security.auth.login.LoginContext@7e44258, subject=Subject[telefone removido]).principals=org.jboss.security.SimplePrincipal@573986900([email removido])org.jboss.security.SimpleGroup@104627471(Roles(members:ROLE_USUARIO))
13:24:45,838 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] updateCache, inputSubject=Subject[telefone removido]).principals=org.jboss.security.SimplePrincipal@573986900([email removido])org.jboss.security.SimpleGroup@104627471(Roles(members:ROLE_USUARIO)), cacheSubject=Subject[telefone removido]).principals=org.jboss.security.SimplePrincipal@573986900([email removido])org.jboss.security.SimpleGroup@104627471(Roles(members:ROLE_USUARIO))
13:24:45,838 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] Inserted cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@3a9d1f73[Subject[telefone removido]).principals=org.jboss.security.SimplePrincipal@573986900([email removido])org.jboss.security.SimpleGroup@104627471(Roles(members:ROLE_USUARIO)),credential.class=java.lang.String@944780329,expirationTime=1332262482323]
13:24:45,838 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] End isValid, true
13:24:45,838 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] User: [email removido] is authenticated
13:24:45,840 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] getPrincipal, cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@3a9d1f73[Subject[telefone removido]).principals=org.jboss.security.SimplePrincipal@573986900([email removido])org.jboss.security.SimpleGroup@104627471(Roles(members:ROLE_USUARIO)),credential.class=java.lang.String@944780329,expirationTime=1332262482323]
13:24:45,845 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authentication of '[email removido]' was successful
13:24:45,845 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Redirecting to original '/lugarcerto/usuario/meusdados.jsf'
13:24:45,845 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Failed authenticate() test ??/lugarcerto/usuario/j_security_check
13:24:45,845 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
13:24:45,848 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:{}
13:24:45,848 TRACE [org.jboss.web.tomcat.security.JaccContextValve] MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData@1f:principalToRoleSetMap{}
13:24:45,848 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /lugarcerto/usuario/meusdados.jsf
13:24:45,848 DEBUG [org.apache.catalina.realm.RealmBase]   Checking constraint 'SecurityConstraint[Usuarios]' against GET /usuario/meusdados.jsf --> true
13:24:45,848 DEBUG [org.apache.catalina.realm.RealmBase]   Checking constraint 'SecurityConstraint[Usuarios]' against GET /usuario/meusdados.jsf --> true
13:24:45,848 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Calling hasUserDataPermission()
13:24:45,849 DEBUG [org.apache.catalina.realm.RealmBase]   User data constraint has no restrictions
13:24:45,849 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
13:24:45,849 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Calling authenticate()
13:24:45,849 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Restore request from session '13247D460F5A0D0AF9B507545DD186E7'
13:24:45,849 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Authenticated '[email removido]' with type 'FORM'
13:24:45,850 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Proceed to restored request
13:24:45,850 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Calling accessControl()
13:24:45,850 DEBUG [org.apache.catalina.realm.RealmBase]   Checking roles GenericPrincipal[[email removido](ROLE_USUARIO,)]
13:24:45,851 DEBUG [org.apache.catalina.realm.RealmBase] Username [email removido] has role ROLE_USUARIO
13:24:45,853 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
13:24:45,853 DEBUG [org.apache.catalina.realm.RealmBase] Role found:  ROLE_USUARIO
13:24:45,853 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
13:24:45,853 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Successfully passed all security constraints
13:24:45,853 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, caller=GenericPrincipal[[email removido](ROLE_USUARIO,)]
13:24:45,854 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Restoring principal info from cache
13:24:45,854 TRACE [org.jboss.web.tomcat.security.RunAsListener] Faces Servlet, runAs: null
13:24:45,854 TRACE [org.jboss.web.tomcat.security.RunAsListener] Faces Servlet, runAs: null
13:24:45,854 DEBUG [org.jboss.security.SecurityAssociation] Using ThreadLocal: false
13:24:45,855 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=null
13:24:45,855 TRACE [org.jboss.web.tomcat.security.RunAsListener] Faces Servlet, runAs: null
13:24:45,855 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/lugarcerto].[Faces Servlet]] Servlet.service() for servlet Faces Servlet threw exception: java.lang.NullPointerException
	at br.com.lugarcerto.filter.LoginFilter.doFilter(LoginFilter.java:25) [:]

3 Replies

L

Instead of a filter… I'm thinking of using my own LoginModule…

Any tips on how to configure it starting from what I already have?

Thanks for the help, everyone!

L

I solved my problem by doing a lookup of an EJB inside the filter. I did not use my own LoginModule implementation; I kept using org.jboss.security.auth.spi.DatabaseServerLoginModule.

Inside my EJB I have the SessionContext, and inside it I have the Principal object…

With this I was able to retrieve the user and put it in the session.

NOTE: The Filter is only reached after authentication succeeds.

In my Filter:

	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest servletRequest = (HttpServletRequest) request;
		// getSession(false) returns null when the request has no session
		HttpSession httpSession = servletRequest.getSession(false);
		if (httpSession != null
				&& httpSession.getAttribute(LugarCertoConstants.USUARIO_LOGADO) == null) {
			try {
				// Look up the EJB, which can read the caller principal from its SessionContext
				final Context ctx = new InitialContext();
				UsuarioBBusinessLocal bean = (UsuarioBBusinessLocal) ctx.lookup(UsuarioBBusinessLocal.JNDI_NAME);
				bean.setUsuarioLogadoSessao(servletRequest);
			} catch (NamingException e) {
				e.printStackTrace();
			}
		}

		chain.doFilter(request, response);
	}

In the EJB:

	@Resource
	private SessionContext sessionContext;

	/**
	 * @see UsuarioBBusinessLocal#setUsuarioLogadoSessao(HttpServletRequest)
	 */
	public void setUsuarioLogadoSessao(HttpServletRequest httpServletRequest){
		// The EJB container exposes the authenticated caller through the SessionContext
		Principal user = sessionContext.getCallerPrincipal();
		Usuario usuario = this.findUsuarioByEmail(user.getName()).get(0);
		HttpSession session = httpServletRequest.getSession(false);
		session.setAttribute(LugarCertoConstants.USUARIO_LOGADO, usuario);
	}

More documentation on the LoginModule implementation I used:
https://community.jboss.org/wiki/DatabaseServerLoginModule

Cheers, everyone!
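
An alternative to the EJB lookup, as an added example that is not part of the original posts: the standard Servlet API exposes the container-authenticated caller through HttpServletRequest.getUserPrincipal(), so a filter mapped to the protected /usuario/* pattern can read it without the JBoss-specific SecurityAssociation class. The class name PrincipalFilter and the session attribute key are assumptions made for the illustration.

```java
import java.io.IOException;
import java.security.Principal;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical filter name; map it to /usuario/* like LoginFilter in web.xml.
public class PrincipalFilter implements Filter {

    // Hypothetical session key (the thread uses LugarCertoConstants.USUARIO_LOGADO).
    static final String USER_ATTR = "usuarioLogado";

    @Override
    public void init(FilterConfig config) throws ServletException { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // Standard Servlet API: the caller the container authenticated for this
        // request, or null if the request is unauthenticated.
        Principal caller = req.getUserPrincipal();
        if (caller == null) {
            // Fail closed instead of dereferencing null or passing the request on.
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // FORM login already created a session; do not create a new one here.
        HttpSession session = req.getSession(false);
        if (session != null && session.getAttribute(USER_ATTR) == null) {
            // Store only the login name; load the full user record where needed.
            session.setAttribute(USER_ATTR, caller.getName());
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```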

L

Hey everyone,

a tutorial for configuring JAAS on JBoss 6.1

Cheers

Created March 20, 2012
Last reply May 23, 2012
Replies 3
Participants 1