A LoginModule is all you need. The KeyStore should be coming from the
org.jboss.security.SecurityDomain the login module configuration belongs
to. Right now this is not passed in so I'll add it to the AbstractServerLoginModule
layer. In the interim get the SecurityDomain interface from JNDI. If you have a
JaasSecurityDomain like the following:

  <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
    name="Security:name=JaasSecurityDomain,domain=RMI+SSL">
    <constructor>
      <arg type="java.lang.String" value="RMI+SSL"/>
    </constructor>
    <attribute name="KeyStoreURL">chap8.keystore</attribute>
    <attribute name="KeyStorePass">rmi+ssl</attribute>
  </mbean>

The SecurityDomain interface is obtained as:
    SecurityDomain sd = (SecurityDomain) new InitialContext().lookup("java:/jaas/RMI+SSL");

xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx

----- Original Message ----- 
From: "Jason Essington" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, November 15, 2002 7:01 AM
Subject: Re: [JBoss-dev] jboss.net email transport


> So, here is where I am with this currently (not committed yet).
> 
> jboss.net can receive a signed message and validate the signature, then 
> continue with processing the message.
> 
> The problem is I don't yet have a way to authorize (trust) the 
> signature.
> The incoming soap message has key information (DSA key and X509 cert) 
> attached to it, this is used for the validation of the signature. So at 
> this point I have a PublicKey object and an X509Certificate object that 
> I can assume are good (assuming the message validated).
> 
> Now if I want to check if this cert is trusted (by my keystore) I think 
> I could do:
> String alias = myKeyStore.getCertificateAlias( sigCert );
> boolean isTrusted = myKeyStore.isCertificateEntry( alias );
> 
> I haven't tried this yet, but according to the javadocs it makes sense.
> 
> I guess now the issue is figuring out which parts of the JBossSX puzzle 
> I need to implement to use this information to complete a login.
> 
> Am I on the right track here?
> Will I have to do anything "strange" in JBossSX or can I simply create 
> a login module that knows how to handle this?
> 
> Also, I would like to add the Apache XML-Security library (xmlsec.jar) 
> to thirdparty. Is this reasonable?
> 
> Thanks
> 
> -jason
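
The trust check discussed in this thread, as an added example that is not code from either poster or from JBoss: given a KeyStore and the certificate taken from the validated signature, it reports whether that certificate is stored as a trusted-certificate entry. It goes slightly beyond the two-line check in the quoted message by scanning all aliases, so a matching key entry is never mistaken for a trusted certificate and a certificate with no match is handled without a null alias. The class and method names are hypothetical, and the KeyStore is assumed to be the one belonging to the SecurityDomain, loaded from a file here so the example runs outside JBoss.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/** Added example (hypothetical class name): pinned-certificate trust check against a KeyStore. */
public class KeyStoreTrustCheck {

    /**
     * Returns the alias of the trusted-certificate entry equal to sigCert, or null.
     * Key entries are skipped: only entries stored as trusted certificates count.
     */
    public static String findTrustedAlias(KeyStore ks, X509Certificate sigCert)
            throws KeyStoreException {
        if (ks == null || sigCert == null) {
            return null;
        }
        try {
            sigCert.checkValidity();   // reject expired or not-yet-valid certificates
        } catch (CertificateException e) {
            return null;
        }
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            // Certificate.equals compares the encoded form of the two certificates.
            if (ks.isCertificateEntry(alias) && sigCert.equals(ks.getCertificate(alias))) {
                return alias;
            }
        }
        return null;
    }

    /** Usage: java KeyStoreTrustCheck <keystore> <storepass> <cert.pem|cert.der> */
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[2])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        String alias = findTrustedAlias(ks, cert);
        System.out.println(alias == null ? "NOT TRUSTED" : "trusted as alias " + alias);
    }
}
```

A login module would call `findTrustedAlias` only after the XML signature itself has validated, since the check says nothing about whether the message was signed with the matching private key.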


