[RESOLVED] JAAS + Filter + JBoss 6.1 - Null user

Good afternoon everyone,

I'm having trouble configuring JAAS + JBoss 6.1. The login process completes successfully, but when the request reaches the filter after login… the user is null:

SecurityAssociation.getPrincipal()

the code above returns null…

any tips, folks?

my full configuration follows below

Filter:

package br.com.lugarcerto.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.jboss.security.SecurityAssociation;

public class LoginFilter implements Filter {

	@Override
	public void destroy() {
		// TODO Auto-generated method stub

	}

	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		String userName = SecurityAssociation.getPrincipal().getName();

		System.out.println("Yeeey! Get me here and find me in the database: "
				+ userName);

		chain.doFilter(request, response);
	}

	@Override
	public void init(FilterConfig arg0) throws ServletException {
		// TODO Auto-generated method stub

	}

}

web.xml

[code]

<?xml version="1.0" encoding="UTF-8"?> sample project Faces Servlet javax.faces.webapp.FacesServlet 1 Faces Servlet *.jsf 30 404 /faces/error.xhtml 500 /faces/error.xhtml
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Usuarios</web-resource-name>
        <url-pattern>/usuario/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ROLE_USUARIO</role-name>
    </auth-constraint>
</security-constraint>

 <!-- Validation By Form -->
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/cadastro/cadastro.jsf</form-login-page>
        <form-error-page>/error/acessonegado.jsf</form-error-page>
    </form-login-config>
</login-config>

 <!-- Allowed Roles -->
<security-role>
    <role-name>ROLE_USUARIO</role-name>
</security-role>

<!-- Filter to get the user name and work with it -->
<filter>
    <filter-name>LoginFilter</filter-name>
    <filter-class>br.com.lugarcerto.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>LoginFilter</filter-name>
    <url-pattern>/usuario/*</url-pattern>
</filter-mapping>

[/code]

my jboss-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <!-- Links with JBoss the Realm to use -->
    <security-domain>java:/jaas/login-lugar-certo</security-domain>
</jboss-web>

my login-config.xml

<application-policy name="login-lugar-certo">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="dsJndiName">java:/lugarcerto</module-option>
            <module-option name="principalsQuery">SELECT U.SENHA FROM USUARIO U WHERE U.EMAIL=?</module-option>
            <module-option name="rolesQuery">SELECT P.DS_PERFIL, 'Roles' FROM USUARIO U
    		 INNER JOIN PERFIL P ON U.PERFIL_ID_PERFIL = P.ID_PERFIL WHERE U.EMAIL=?</module-option>
	    <!--<module-option name ="hashAlgorithm">md5</module-option>-->
        </login-module>
    </authentication>
</application-policy>

JBoss log during the login process:

[code]13:24:45,807 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /lugarcerto/usuario/j_security_check
13:24:45,809 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authenticating username ‘leo@leo.com’
13:24:45,811 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] Begin isValid, principal:leo@leo.com, cache info: null
13:24:45,811 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] defaultLogin, principal=leo@leo.com
13:24:45,812 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(login-lugar-certo), size=12
13:24:45,813 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(login-lugar-certo), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=principalsQuery, value=SELECT U.SENHA FROM USUARIO U WHERE U.EMAIL=?
name=dsJndiName, value=java:/lugarcerto
name=rolesQuery, value=SELECT P.DS_PERFIL, ‘Roles’ FROM USUARIO U
INNER JOIN PERFIL P ON U.PERFIL_ID_PERFIL = P.ID_PERFIL WHERE U.EMAIL=?

13:24:45,819 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
13:24:45,819 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Security domain: login-lugar-certo
13:24:45,820 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/lugarcerto
13:24:45,820 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=SELECT U.SENHA FROM USUARIO U WHERE U.EMAIL=?
13:24:45,820 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=SELECT P.DS_PERFIL, ‘Roles’ FROM USUARIO U
INNER JOIN PERFIL P ON U.PERFIL_ID_PERFIL = P.ID_PERFIL WHERE U.EMAIL=?
13:24:45,820 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendResume=true
13:24:45,821 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
13:24:45,821 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
13:24:45,822 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT U.SENHA FROM USUARIO U WHERE U.EMAIL=?, with username: leo@leo.com
13:24:45,823 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Obtained user password
13:24:45,823 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
13:24:45,824 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User ‘leo@leo.com’ authenticated, loginOk=true
13:24:45,824 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
13:24:45,824 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] getRoleSets using rolesQuery: SELECT P.DS_PERFIL, ‘Roles’ FROM USUARIO U
INNER JOIN PERFIL P ON U.PERFIL_ID_PERFIL = P.ID_PERFIL WHERE U.EMAIL=?, username: leo@leo.com
13:24:45,832 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
13:24:45,833 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT P.DS_PERFIL, ‘Roles’ FROM USUARIO U
INNER JOIN PERFIL P ON U.PERFIL_ID_PERFIL = P.ID_PERFIL WHERE U.EMAIL=?, with username: leo@leo.com
13:24:45,836 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role ROLE_USUARIO
13:24:45,836 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
13:24:45,838 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] defaultLogin, lc=javax.security.auth.login.LoginContext@7e44258, subject=Subject(1516608005).principals=org.jboss.security.SimplePrincipal@573986900(leo@leo.com)org.jboss.security.SimpleGroup@104627471(Roles(members:ROLE_USUARIO))
13:24:45,838 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] updateCache, inputSubject=Subject(1516608005).principals=org.jboss.security.SimplePrincipal@573986900(leo@leo.com)org.jboss.security.SimpleGroup@104627471(Roles(members:ROLE_USUARIO)), cacheSubject=Subject(1147333792).principals=org.jboss.security.SimplePrincipal@573986900(leo@leo.com)org.jboss.security.SimpleGroup@104627471(Roles(members:ROLE_USUARIO))
13:24:45,838 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] Inserted cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@3a9d1f73[Subject(1147333792).principals=org.jboss.security.SimplePrincipal@573986900(leo@leo.com)org.jboss.security.SimpleGroup@104627471(Roles(members:ROLE_USUARIO)),credential.class=java.lang.String@944780329,expirationTime=1332262482323]
13:24:45,838 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] End isValid, true
13:24:45,838 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] User: leo@leo.com is authenticated
13:24:45,840 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] getPrincipal, cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@3a9d1f73[Subject(1147333792).principals=org.jboss.security.SimplePrincipal@573986900(leo@leo.com)org.jboss.security.SimpleGroup@104627471(Roles(members:ROLE_USUARIO)),credential.class=java.lang.String@944780329,expirationTime=1332262482323]
13:24:45,845 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authentication of ‘leo@leo.com’ was successful
13:24:45,845 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Redirecting to original ‘/lugarcerto/usuario/meusdados.jsf’
13:24:45,845 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test ??/lugarcerto/usuario/j_security_check
13:24:45,845 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
13:24:45,848 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:{}
13:24:45,848 TRACE [org.jboss.web.tomcat.security.JaccContextValve] MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData@1f:principalToRoleSetMap{}
13:24:45,848 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /lugarcerto/usuario/meusdados.jsf
13:24:45,848 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint ‘SecurityConstraint[Usuarios]’ against GET /usuario/meusdados.jsf --> true
13:24:45,848 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint ‘SecurityConstraint[Usuarios]’ against GET /usuario/meusdados.jsf --> true
13:24:45,848 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
13:24:45,849 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions
13:24:45,849 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
13:24:45,849 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
13:24:45,849 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Restore request from session ‘13247D460F5A0D0AF9B507545DD186E7’
13:24:45,849 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Authenticated ‘leo@leo.com’ with type ‘FORM’
13:24:45,850 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Proceed to restored request
13:24:45,850 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling accessControl()
13:24:45,850 DEBUG [org.apache.catalina.realm.RealmBase] Checking roles GenericPrincipal[leo@leo.com(ROLE_USUARIO,)]
13:24:45,851 DEBUG [org.apache.catalina.realm.RealmBase] Username leo@leo.com has role ROLE_USUARIO
13:24:45,853 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
13:24:45,853 DEBUG [org.apache.catalina.realm.RealmBase] Role found: ROLE_USUARIO
13:24:45,853 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
13:24:45,853 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Successfully passed all security constraints
13:24:45,853 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, caller=GenericPrincipal[leo@leo.com(ROLE_USUARIO,)]
13:24:45,854 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Restoring principal info from cache
13:24:45,854 TRACE [org.jboss.web.tomcat.security.RunAsListener] Faces Servlet, runAs: null
13:24:45,854 TRACE [org.jboss.web.tomcat.security.RunAsListener] Faces Servlet, runAs: null
13:24:45,854 DEBUG [org.jboss.security.SecurityAssociation] Using ThreadLocal: false
13:24:45,855 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=null
13:24:45,855 TRACE [org.jboss.web.tomcat.security.RunAsListener] Faces Servlet, runAs: null
13:24:45,855 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/lugarcerto].[Faces Servlet]] Servlet.service() for servlet Faces Servlet threw exception: java.lang.NullPointerException
at br.com.lugarcerto.filter.LoginFilter.doFilter(LoginFilter.java:25) [:][/code]

Instead of a filter… I'm thinking of using my own LoginModule…

any tips on how to configure it based on what I already have?

thanks for the help, everyone!

I solved my problem by doing a lookup of an EJB inside the filter. I did not use my own LoginModule implementation; I kept using org.jboss.security.auth.spi.DatabaseServerLoginModule

Inside my EJB I have the SessionContext, and inside it I have the Principal object…

with this I was able to retrieve the user and put it in the session

NOTE: The Filter is only reached after authentication succeeds

In my Filter:

	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest servletRequest = (HttpServletRequest) request;
		HttpSession httpSession = servletRequest.getSession(false);
		if(httpSession.getAttribute(LugarCertoConstants.USUARIO_LOGADO) == null){
			try {
				final Context ctx = new InitialContext();
				UsuarioBBusinessLocal bean = (UsuarioBBusinessLocal) ctx.lookup(UsuarioBBusinessLocal.JNDI_NAME);
				bean.setUsuarioLogadoSessao((HttpServletRequest) request);
			} catch (NamingException e) {
				e.printStackTrace();
			}
		}
		
		chain.doFilter(request, response);
	}

In the EJB:

	@Resource
	private SessionContext sessionContext;

	/**
	 * @see UsuarioBBusinessLocal#setUsuarioLogadoSessao(HttpServletRequest)
	 */
	public void setUsuarioLogadoSessao(HttpServletRequest httpServletRequest){
		Principal user = sessionContext.getCallerPrincipal();
		Usuario usuario = this.findUsuarioByEmail(user.getName()).get(0);
		HttpSession session = httpServletRequest.getSession(false);
		session.setAttribute(LugarCertoConstants.USUARIO_LOGADO, usuario);
		
	}

More documentation on the LoginModule implementation I used:
https://community.jboss.org/wiki/DatabaseServerLoginModule

cheers, everyone!
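
An alternative to the EJB lookup above, as an added example that is not part of the original posts: the Servlet API exposes the container-authenticated caller on the request itself, so a filter can read it without `SecurityAssociation` and fail closed when no caller is present. The class name `PrincipalAwareFilter` and the session key are hypothetical.

```java
import java.io.IOException;
import java.security.Principal;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: class name and session key are hypothetical.
public class PrincipalAwareFilter implements Filter {

	// Hypothetical session attribute key, not from the original post.
	static final String AUTHENTICATED_EMAIL = "authenticatedEmail";

	@Override
	public void init(FilterConfig config) throws ServletException {
	}

	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest httpRequest = (HttpServletRequest) request;

		// Set by the container's authenticator (FORM here) before filters run.
		Principal caller = httpRequest.getUserPrincipal();
		if (caller == null) {
			// Filter mapped outside the security-constraint, or the constraint
			// was removed: reject instead of dereferencing null.
			((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
			return;
		}

		HttpSession session = httpRequest.getSession(false);
		// Refresh the cached identity whenever it is missing or differs from the caller.
		if (session != null && !caller.getName().equals(session.getAttribute(AUTHENTICATED_EMAIL))) {
			session.setAttribute(AUTHENTICATED_EMAIL, caller.getName());
		}
		chain.doFilter(request, response);
	}

	@Override
	public void destroy() {
	}
}
```

Comparing the cached value against `getUserPrincipal()` on every request keeps the session attribute tied to the identity the container actually authenticated.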

Hey folks,

tutorial for configuring JAAS on JBoss 6.1

cheers