users@glassfish.java.net

Default principal to role mapping problem...

From: <glassfish_at_javadesktop.org>
Date: Sun, 04 Nov 2007 09:45:49 PST

Hi,

I am using a custom JDBC realm because the one provided with GlassFish is not flexible enough (it assumes natural keys, for instance). It is an almost exact copy of the JDBCRealm from GlassFish but is configured with JDBC queries instead of with table and column names. The idea is similar to the JDBC realm in JBoss and allows basically any database schema to be used.

The realm is configured appropriately. The realm is tied to a login module through the login.conf and the realm itself is configured with queries and a datasource (a MySQL database). In my web app I am using basic declarative security and am allowing any role (so basically any authenticated user) to access anything. In the debug output I see that the user is successfully authenticated and that the groups for the user are successfully determined. Also, I am calling commitUserAuthentication() to tell GlassFish what the group names are. In GlassFish I have set up a default principal to role mapping, so I am expecting every group to correspond to a role of the same name.

Nevertheless, after logging in I can use standard servlet API calls (getUserPrincipal() and isUserInRole()) to examine the logged-in user. What I am seeing now is that the user is known but that no roles have been set. So apparently the default role mapping is not working. I could debug this problem better if I knew the Subject, but how do I obtain this in my application? I am now using the standard JAAS method for accessing the subject:

  Subject.getSubject(AccessController.getContext());

but this gives null.

Any ideas on what could be wrong?

Cheers
  Erik
[Message sent by forum member 'erikengerd' (erikengerd)]

http://forums.java.net/jive/thread.jspa?messageID=243705