
JAAS with JBOSS and Struts2  RSS feed

shahidsan shaikh

I have been able to authenticate a user using JAAS on JBoss 4.2. However, here is my question: once the user is logged in, how do I find out which roles he/she has?

Here is my SessionLogin action, which implements the PrincipalAware interface; I know from my debug lines that the proxy does get set. When I call isUserInRole("Admin") it returns false.

I thought implementing PrincipalAware would give me access to the principal and roles that JAAS established on JBoss.

Can anyone help?

package lab.security;

import java.io.ByteArrayInputStream;
import java.rmi.RemoteException;
import java.security.Principal;
import java.util.*;

import javax.ejb.CreateException;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.rmi.PortableRemoteObject;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.ServletContext;

import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.PrincipalAware;
import org.apache.struts2.interceptor.PrincipalProxy;
import org.apache.struts2.util.ServletContextAware;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.SecurityAssociationHandler;

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionSupport;

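/**
 * Struts2 login action that authenticates the submitted user id / password
 * against the JBoss JAAS application policy "userRolesTest".
 *
 * Result strings are the literal "SUCCESS" / "ERROR" (not ActionSupport's
 * lower-case constants) because that is what the surrounding struts.xml is
 * assumed to map to -- keep them in sync with it.
 *
 * Why {@code principalProxy.isUserInRole(..)} reports false here: the proxy
 * delegates to {@code HttpServletRequest.isUserInRole}, which only reflects a
 * principal the web container itself established (web.xml security
 * constraints with FORM/BASIC auth, or a container-specific programmatic
 * login). A standalone {@link LoginContext} login does not populate the
 * request's principal. The roles the login modules granted are on the
 * {@link Subject} returned by {@code LoginContext.getSubject()} instead;
 * {@link #dumpPrincipals(Subject)} prints them so they can be inspected.
 */
public class SessionLogin extends ActionSupport implements ServletContextAware, PrincipalAware {

    private static final long serialVersionUID = 2452642373778L;

    /** Name of the JAAS application policy (login-config.xml) used for the login. */
    private static final String JAAS_POLICY = "userRolesTest";

    private String userId;

    /**
     * Held as a String because the Struts2 parameter interceptor populates it.
     * A String cannot be wiped from memory; only the char[] copy handed to the
     * login modules is cleared after use.
     */
    private String password;

    /** Public field kept for compatibility with existing callers; prefer getFoto()/setFoto(). */
    public byte[] foto;
    private PrincipalProxy _principalProxy;
    private ServletContext _servletContext;

    /**
     * Runs the JAAS login for the submitted credentials.
     *
     * @return "SUCCESS" when the login modules accept the credentials, "ERROR"
     *         when they are missing or rejected
     * @throws Exception only from the Struts2 contract; LoginException is handled here
     */
    public String execute() throws Exception {
        // Fail fast on missing credentials: avoids the NPE on password.toCharArray()
        // and never hands an empty user name to the login modules.
        if (userId == null || userId.trim().length() == 0
                || password == null || password.length() == 0) {
            return "ERROR";
        }
        System.out.println("in excute() " + userId); // user id only -- never print the password

        char[] secret = password.toCharArray();
        try {
            SecurityAssociationHandler handler = new SecurityAssociationHandler();
            handler.setSecurityInfo(new SimplePrincipal(userId), secret);
            LoginContext loginContext = new LoginContext(JAAS_POLICY, (CallbackHandler) handler);

            // login() is what actually runs the login modules; merely constructing
            // the LoginContext authenticates nothing. A failure throws
            // LoginException, so the "logged-in" flag below is only ever set for
            // a verified user.
            loginContext.login();

            // Everything the login modules granted (identity and roles) lives here.
            Subject subject = loginContext.getSubject();
            dumpPrincipals(subject);

            Map session = ActionContext.getContext().getSession();
            session.put("logged-in", "true");
            // NOTE(review): the HTTP session id should be rotated at this point to
            // defeat session fixation; that needs the HttpServletRequest, which
            // this action is not wired with.

            // Expected to print false after a programmatic JAAS login -- see class doc.
            System.out.println("User role admin :" + _principalProxy.isUserInRole("Admin"));
            System.out.println("User role user :" + _principalProxy.isUserInRole("User"));
            return "SUCCESS";
        } catch (LoginException e) {
            // Same outcome for unknown user and wrong password: do not reveal which.
            System.out.println("login failed for " + userId + ": " + e.getMessage());
            return "ERROR";
        } finally {
            Arrays.fill(secret, '\0');
        }
    }

    /**
     * Debug aid for the "which roles do I have" question: prints every principal
     * the login modules attached to the subject.
     * NOTE(review): on JBoss the roles are expected to be carried by a group
     * principal named "Roles" among these -- confirm against this output before
     * coding a role check on it.
     */
    private static void dumpPrincipals(Subject subject) {
        if (subject == null) {
            return;
        }
        for (Principal p : subject.getPrincipals()) {
            System.out.println("principal " + p.getClass().getName() + " = " + p.getName());
        }
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    /** Bound to the form's "username" parameter; stored in userId. */
    public String getUsername() {
        return userId;
    }

    public void setUsername(String userId) {
        this.userId = userId;
    }

    public byte[] getFoto() {
        return foto;
    }

    public void setFoto(byte[] foto) {
        this.foto = foto;
    }

    /** Injected by the Struts2 servlet-config interceptor; wraps the current HttpServletRequest. */
    public void setPrincipalProxy(PrincipalProxy principalProxy) {
        System.out.println("principalProxy context set :" + principalProxy);
        _principalProxy = principalProxy;
    }

    /** Stores the injected context (the original assigned the field to itself and never kept it). */
    public void setServletContext(ServletContext servletContext) {
        System.out.println("servletContext context set :" + servletContext);
        _servletContext = servletContext;
    }
}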