WindowsLoginModule missing roles in Principal..


Hello, I’m using the WindowsLoginModule as a security-domain on Wildfly 10. It works perfectly for authentication. I’ve got the principal and role format options set to fqn in the config. I’m using Servlet 3.0 calls

request.login(username, password);

which work great as I’m getting authenticated correctly as shown in the log snippet below:

2016-10-07 09:48:37,946 DEBUG default task-21 WindowsLoginModule - successfully logged in FTI\kyriv (S-1-5-21-216877148-1828078549-1435325219-13022)
2016-10-07 09:48:37,947 DEBUG default task-21 WindowsLoginModule - committing 29 principals
2016-10-07 09:48:37,947 DEBUG default task-21 WindowsLoginModule - principal: FTI\kyriv
2016-10-07 09:48:37,947 DEBUG default task-21 WindowsLoginModule - principal: FTI\Domain Users
2016-10-07 09:48:37,947 DEBUG default task-21 WindowsLoginModule - principal: Everyone
2016-10-07 09:48:37,947 DEBUG default task-21 WindowsLoginModule - principal: BUILTIN\Administrators
.....

Unfortunately when I attempt a call to isUserInRole it always returns false.

if (request.isUserInRole("Everyone")) {
    LOGGER.info("Authenticated user: " + username + ", SessionId: " + info.getId());
    return "login-success";
} else {
    LOGGER.info("User " + principal.getName() + " not in role 'Everyone'");
    context.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, "User " + principal.getName() + " Not Authroized For Use.", null));
    return "login-error";
}

as shown in my log

2016-10-07 09:56:36,333 INFO default task-43 Authenticator - User FTI\kyriv not in role 'Everyone'

If I try to get the javax.security.auth.subject attribute from the session which is supposed to contain a Set<Principal> of roles, it returns null.

Please help. Thanks.

Issue Analytics

  • State: closed
  • Created 7 years ago
  • Comments: 7 (6 by maintainers)

Top GitHub Comments

1 reaction
devnullpointer commented, Oct 11, 2016

I’ve been able to successfully log into the application with the changes I’ve made to the WindowsLoginModule. The groups are set properly to the subject and you can now successfully use the isUserInRole function. I’ll finish up with the code comments, commit, and do a PR.

0 reactions
eekodeerder commented, Dec 12, 2020

This modification broke Tomcat Authentication. The removal of the RolePrincipal(s) from the subject means that Tomcat JAASRealm cannot find the roles anymore. I suggest putting back line 151 which was removed.
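
The two comments above turn on where a container looks for roles in the JAAS Subject: WildFly's security domain reads the members of a group principal named "Roles", while Tomcat's JAASRealm matches principals of a configured role class placed directly in the Subject. The following is an added example, not part of the original thread and not Waffle's code; the class names RoleLookupDemo, UserPrincipal, RolePrincipal and RoleGroup are hypothetical stand-ins, and it assumes Java 16 or later.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;

public class RoleLookupDemo {
    // Hypothetical principal types for illustration, not Waffle's classes.
    record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    record RolePrincipal(String name) implements Principal { public String getName() { return name; } }
    // Stand-in for a java.security.acl.Group-style principal (that interface was removed in Java 14).
    record RoleGroup(String name, Set<Principal> members) implements Principal { public String getName() { return name; } }

    // Convention 1 (Tomcat JAASRealm style): role principals sit directly in the Subject.
    static boolean directLookup(Subject s, String role) {
        return s.getPrincipals(RolePrincipal.class).stream()
                .anyMatch(p -> p.getName().equals(role));
    }

    // Convention 2 (JBoss/WildFly style): roles are members of a group principal named "Roles".
    static boolean groupLookup(Subject s, String role) {
        return s.getPrincipals(RoleGroup.class).stream()
                .filter(g -> g.getName().equals("Roles"))
                .flatMap(g -> g.members().stream())
                .anyMatch(p -> p.getName().equals(role));
    }

    // What a login module's commit() could leave in the Subject, per layout.
    static Subject commit(String user, Set<String> roles, boolean direct, boolean grouped) {
        Subject s = new Subject();
        s.getPrincipals().add(new UserPrincipal(user));
        Set<Principal> members = new HashSet<>();
        for (String r : roles) {
            members.add(new RolePrincipal(r));
            if (direct) s.getPrincipals().add(new RolePrincipal(r));
        }
        if (grouped) s.getPrincipals().add(new RoleGroup("Roles", members));
        return s;
    }

    public static void main(String[] args) {
        Set<String> roles = Set.of("Everyone", "FTI\\Domain Users"); // constructed sample
        boolean[][] layouts = {{true, false}, {false, true}, {true, true}};
        for (boolean[] l : layouts) {
            Subject s = commit("FTI\\kyriv", roles, l[0], l[1]);
            System.out.printf("direct=%b grouped=%b -> directLookup=%b groupLookup=%b%n",
                    l[0], l[1], directLookup(s, "Everyone"), groupLookup(s, "Everyone"));
        }
    }
}
```

Only the layout that commits both forms satisfies both lookups, which is why authentication can succeed on either container while the role check fails on one of them.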
