[SOLVED] JAAS + Filter + JBoss 6.1 - User is null

3 replies
LeoCBS

Good afternoon everyone,

I'm having trouble configuring JAAS + JBoss 6.1. The login process completes successfully, but when the request reaches the filter after login, the user is null:

SecurityAssociation.getPrincipal()

The code above returns null.

Any tips, folks?

My full configuration follows below.

Filter:
package br.com.lugarcerto.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.jboss.security.SecurityAssociation;

public class LoginFilter implements Filter {

	@Override
	public void destroy() {
		// TODO Auto-generated method stub

	}

	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		String userName = SecurityAssociation.getPrincipal().getName();

		System.out.println("Yeeey! Get me here and find me in the database: "
				+ userName);

		chain.doFilter(request, response);
	}

	@Override
	public void init(FilterConfig arg0) throws ServletException {
		// TODO Auto-generated method stub

	}

}
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
  <display-name>sample project</display-name>
  <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.jsf</url-pattern>
  </servlet-mapping>
  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>
  <error-page>
    <error-code>404</error-code>
    <location>/faces/error.xhtml</location>
  </error-page>
  <error-page>
    <error-code>500</error-code>
    <location>/faces/error.xhtml</location>
  </error-page>
  
  <!-- Protected Areas -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Usuarios</web-resource-name>
            <url-pattern>/usuario/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ROLE_USUARIO</role-name>
        </auth-constraint>
    </security-constraint>
    
     <!-- Validation By Form -->
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/cadastro/cadastro.jsf</form-login-page>
            <form-error-page>/error/acessonegado.jsf</form-error-page>
        </form-login-config>
    </login-config>
    
     <!-- Allowed Roles -->
    <security-role>
        <role-name>ROLE_USUARIO</role-name>
    </security-role>
    
    <!-- Filter to get the user name and work with it -->
    <filter>
        <filter-name>LoginFilter</filter-name>
        <filter-class>br.com.lugarcerto.filter.LoginFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>LoginFilter</filter-name>
        <url-pattern>/usuario/*</url-pattern>
    </filter-mapping>
</web-app>
My jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <!-- Links with JBoss the Realm to use -->
    <security-domain>java:/jaas/login-lugar-certo</security-domain>
</jboss-web>
My login-config.xml
<application-policy name="login-lugar-certo">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="dsJndiName">java:/lugarcerto</module-option>
            <module-option name="principalsQuery">SELECT U.SENHA FROM USUARIO U WHERE U.EMAIL=?</module-option>
            <module-option name="rolesQuery">SELECT P.DS_PERFIL, 'Roles' FROM USUARIO U
    		 INNER JOIN PERFIL P ON U.PERFIL_ID_PERFIL = P.ID_PERFIL WHERE U.EMAIL=?</module-option>
	    <!--<module-option name ="hashAlgorithm">md5</module-option>-->
        </login-module>
    </authentication>
</application-policy>

JBoss log during the login process:

13:24:45,807 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /lugarcerto/usuario/j_security_check
13:24:45,809 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authenticating username '[email removido]'
13:24:45,811 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] Begin isValid, principal:[email removido], cache info: null
13:24:45,811 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] defaultLogin, principal=[email removido]
13:24:45,812 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(login-lugar-certo), size=12
13:24:45,813 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(login-lugar-certo), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=principalsQuery, value=SELECT U.SENHA FROM USUARIO U WHERE U.EMAIL=?
name=dsJndiName, value=java:/lugarcerto
name=rolesQuery, value=SELECT P.DS_PERFIL, 'Roles' FROM USUARIO U
    		 INNER JOIN PERFIL P ON U.PERFIL_ID_PERFIL = P.ID_PERFIL WHERE U.EMAIL=?

13:24:45,819 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
13:24:45,819 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Security domain: login-lugar-certo
13:24:45,820 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/lugarcerto
13:24:45,820 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=SELECT U.SENHA FROM USUARIO U WHERE U.EMAIL=?
13:24:45,820 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=SELECT P.DS_PERFIL, 'Roles' FROM USUARIO U
    		 INNER JOIN PERFIL P ON U.PERFIL_ID_PERFIL = P.ID_PERFIL WHERE U.EMAIL=?
13:24:45,820 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendResume=true
13:24:45,821 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
13:24:45,821 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
13:24:45,822 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT U.SENHA FROM USUARIO U WHERE U.EMAIL=?, with username: [email removido]
13:24:45,823 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Obtained user password
13:24:45,823 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
13:24:45,824 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User '[email removido]' authenticated, loginOk=true
13:24:45,824 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
13:24:45,824 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] getRoleSets using rolesQuery: SELECT P.DS_PERFIL, 'Roles' FROM USUARIO U
    		 INNER JOIN PERFIL P ON U.PERFIL_ID_PERFIL = P.ID_PERFIL WHERE U.EMAIL=?, username: [email removido]
13:24:45,832 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
13:24:45,833 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT P.DS_PERFIL, 'Roles' FROM USUARIO U
    		 INNER JOIN PERFIL P ON U.PERFIL_ID_PERFIL = P.ID_PERFIL WHERE U.EMAIL=?, with username: [email removido]
13:24:45,836 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role ROLE_USUARIO
13:24:45,836 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
13:24:45,838 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] defaultLogin, lc=javax.security.auth.login.LoginContext@7e44258, subject=Subject[telefone removido]).principals=org.jboss.security.SimplePrincipal@573986900([email removido])org.jboss.security.SimpleGroup@104627471(Roles(members:ROLE_USUARIO))
13:24:45,838 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] updateCache, inputSubject=Subject[telefone removido]).principals=org.jboss.security.SimplePrincipal@573986900([email removido])org.jboss.security.SimpleGroup@104627471(Roles(members:ROLE_USUARIO)), cacheSubject=Subject[telefone removido]).principals=org.jboss.security.SimplePrincipal@573986900([email removido])org.jboss.security.SimpleGroup@104627471(Roles(members:ROLE_USUARIO))
13:24:45,838 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] Inserted cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@3a9d1f73[Subject[telefone removido]).principals=org.jboss.security.SimplePrincipal@573986900([email removido])org.jboss.security.SimpleGroup@104627471(Roles(members:ROLE_USUARIO)),credential.class=java.lang.String@944780329,expirationTime=1332262482323]
13:24:45,838 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] End isValid, true
13:24:45,838 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] User: [email removido] is authenticated
13:24:45,840 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.login-lugar-certo] getPrincipal, cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@3a9d1f73[Subject[telefone removido]).principals=org.jboss.security.SimplePrincipal@573986900([email removido])org.jboss.security.SimpleGroup@104627471(Roles(members:ROLE_USUARIO)),credential.class=java.lang.String@944780329,expirationTime=1332262482323]
13:24:45,845 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authentication of '[email removido]' was successful
13:24:45,845 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Redirecting to original '/lugarcerto/usuario/meusdados.jsf'
13:24:45,845 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Failed authenticate() test ??/lugarcerto/usuario/j_security_check
13:24:45,845 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
13:24:45,848 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:{}
13:24:45,848 TRACE [org.jboss.web.tomcat.security.JaccContextValve] MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData@1f:principalToRoleSetMap{}
13:24:45,848 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /lugarcerto/usuario/meusdados.jsf
13:24:45,848 DEBUG [org.apache.catalina.realm.RealmBase]   Checking constraint 'SecurityConstraint[Usuarios]' against GET /usuario/meusdados.jsf --> true
13:24:45,848 DEBUG [org.apache.catalina.realm.RealmBase]   Checking constraint 'SecurityConstraint[Usuarios]' against GET /usuario/meusdados.jsf --> true
13:24:45,848 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Calling hasUserDataPermission()
13:24:45,849 DEBUG [org.apache.catalina.realm.RealmBase]   User data constraint has no restrictions
13:24:45,849 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
13:24:45,849 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Calling authenticate()
13:24:45,849 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Restore request from session '13247D460F5A0D0AF9B507545DD186E7'
13:24:45,849 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Authenticated '[email removido]' with type 'FORM'
13:24:45,850 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Proceed to restored request
13:24:45,850 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Calling accessControl()
13:24:45,850 DEBUG [org.apache.catalina.realm.RealmBase]   Checking roles GenericPrincipal[[email removido](ROLE_USUARIO,)]
13:24:45,851 DEBUG [org.apache.catalina.realm.RealmBase] Username [email removido] has role ROLE_USUARIO
13:24:45,853 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
13:24:45,853 DEBUG [org.apache.catalina.realm.RealmBase] Role found:  ROLE_USUARIO
13:24:45,853 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
13:24:45,853 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Successfully passed all security constraints
13:24:45,853 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, caller=GenericPrincipal[[email removido](ROLE_USUARIO,)]
13:24:45,854 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Restoring principal info from cache
13:24:45,854 TRACE [org.jboss.web.tomcat.security.RunAsListener] Faces Servlet, runAs: null
13:24:45,854 TRACE [org.jboss.web.tomcat.security.RunAsListener] Faces Servlet, runAs: null
13:24:45,854 DEBUG [org.jboss.security.SecurityAssociation] Using ThreadLocal: false
13:24:45,855 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=null
13:24:45,855 TRACE [org.jboss.web.tomcat.security.RunAsListener] Faces Servlet, runAs: null
13:24:45,855 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/lugarcerto].[Faces Servlet]] Servlet.service() for servlet Faces Servlet threw exception: java.lang.NullPointerException
	at br.com.lugarcerto.filter.LoginFilter.doFilter(LoginFilter.java:25) [:]

3 Replies

LeoCBS

Instead of a filter… I'm thinking of using my own LoginModule…

Any tips on how to configure it based on what I've already done?

Thanks for the help, everyone!

LeoCBS

I solved my problem by doing a lookup of an EJB inside the filter. I did not use my own LoginModule implementation; I kept using org.jboss.security.auth.spi.DatabaseServerLoginModule.

Inside my EJB I have the SessionContext, and inside it I have the Principal object…

With this I was able to retrieve the user and put it in the session.

NOTE: The Filter is only reached after authentication succeeds.

In my Filter:

	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest servletRequest = (HttpServletRequest) request;
		// getSession(false) returns null when no session exists, so guard against it
		HttpSession httpSession = servletRequest.getSession(false);
		if(httpSession != null && httpSession.getAttribute(LugarCertoConstants.USUARIO_LOGADO) == null){
			try {
				// Look up the local EJB, which can read the caller principal
				final Context ctx = new InitialContext();
				UsuarioBBusinessLocal bean = (UsuarioBBusinessLocal) ctx.lookup(UsuarioBBusinessLocal.JNDI_NAME);
				bean.setUsuarioLogadoSessao(servletRequest);
			} catch (NamingException e) {
				e.printStackTrace();
			}
		}

		chain.doFilter(request, response);
	}

In the EJB:

@Resource
	private SessionContext sessionContext;

        /**
	 * @see UsuarioBBusinessLocal#setUsuarioLogadoSessao()
	 */
	public void setUsuarioLogadoSessao(HttpServletRequest httpServletRequest){
		Principal user = sessionContext.getCallerPrincipal();
		Usuario usuario = this.findUsuarioByEmail(user.getName()).get(0);
		HttpSession session = httpServletRequest.getSession(false);
		session.setAttribute(LugarCertoConstants.USUARIO_LOGADO, usuario);
		
	}

More documentation on the LoginModule implementation I used:
https://community.jboss.org/wiki/DatabaseServerLoginModule

Cheers, everyone!
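
An alternative way to read the authenticated user in a filter, shown here as an added example that is not part of the original thread: the standard Servlet API call HttpServletRequest.getUserPrincipal() returns the principal the container established during FORM login, without touching org.jboss.security.SecurityAssociation. The class name and session attribute key are hypothetical, and the example assumes the filter is mapped to a URL covered by the security-constraint, as /usuario/* is in the web.xml above.

```java
import java.io.IOException;
import java.security.Principal;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example (hypothetical class name), not code from the thread.
public class PrincipalSessionFilter implements Filter {

    // Hypothetical session key; the value of the thread's
    // LugarCertoConstants.USUARIO_LOGADO is not shown on the page.
    static final String LOGGED_USER_NAME = "loggedUserName";

    @Override
    public void init(FilterConfig config) throws ServletException { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // The container's authenticator sets this before any filter runs.
        Principal caller = req.getUserPrincipal();
        if (caller == null) {
            // Fail closed instead of throwing a NullPointerException:
            // the filter was reached without an authenticated caller.
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Keep the session copy in step with the container's principal, so a
        // stale name from an earlier login in the same session is replaced.
        HttpSession session = req.getSession(false);
        if (session != null
                && !caller.getName().equals(session.getAttribute(LOGGED_USER_NAME))) {
            session.setAttribute(LOGGED_USER_NAME, caller.getName());
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```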

LeoCBS

Hi everyone,

A tutorial for configuring JAAS on JBoss 6.1

Cheers

Created March 20, 2012
Last reply May 23, 2012
Replies 3
Participants 1