Hi,
I've written a custom login module using individual implementations for
Principal/Group. Logins to the web container are propagated properly to the EJB
container. However, logins of remote EJB clients fail since username/password
provided by the callbackhandler are null:
| public boolean login() throws LoginException {
|
|     try {
|         log.info("login() called");
|
|         // Get user name and password from request
|         log.info("Going to the build the name and password call back");
|         this.callbacks = new Callback[2];
|         this.callbacks[0] = new NameCallback("Username");
|         this.callbacks[1] = new PasswordCallback("Password", false);
|
|         log.info("Trying to execute the callbacks using the call back handler");
|         this.callbackhandler.handle(this.callbacks);
|
The login performed by the remote EJB client looks like this:
| Properties props = new Properties();
| props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
| props.setProperty(Context.URL_PKG_PREFIXES, "org.jboss.naming.client");
| props.setProperty(Context.PROVIDER_URL, "jnp://localhost:1099");
| props.setProperty(Context.SECURITY_PROTOCOL, "pve");
| props.setProperty("j2ee.clientName", "PCA_CLI"); // must match display-name in application-client.xml
|
| props.put(Context.SECURITY_PRINCIPAL, "admin");
| props.put(Context.SECURITY_CREDENTIALS, "pca");
| this.context = new InitialContext(props);
| Object objref = context.lookup(jndiName);
|
The security-domain in jboss.xml is set to "pve":
| <jboss>
| <security-domain>java:/jaas/pve</security-domain>
| [...]
|
The login-config.xml contains the following entries:
| <policy>
| <!-- Used by clients within the application server VM such as
| mbeans and servlets that access EJBs.
| -->
| <application-policy name = "client-login">
| <authentication>
| <login-module code = "org.jboss.security.ClientLoginModule"
| flag = "required">
| <!-- Any existing security context will be restored on logout -->
| <module-option name="restore-login-identity">true</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| <application-policy name = "pve">
| <authentication>
| <login-module code = "com.wn.pve.security.jaas.PveLoginModule"
| flag = "required">
| <module-option name = "principalClass">com.wn.pve.platform.jbossjaas.PvePrincipal</module-option>
| </login-module>
|
| <login-module code="org.jboss.security.ClientLoginModule" flag="required" />
| </authentication>
| </application-policy>
|
| <!-- Security domain for JBossMQ -->
| <application-policy name = "jbossmq">
| <authentication>
| <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
| flag = "required">
| <module-option name = "unauthenticatedIdentity">guest</module-option>
| <module-option name = "dsJndiName">java:/DefaultDS</module-option>
| <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
| <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| <!-- Security domains for testing new jca framework -->
| <application-policy name = "HsqlDbRealm">
| <authentication>
| <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
| flag = "required">
| <module-option name = "principal">sa</module-option>
| <module-option name = "userName">sa</module-option>
| <module-option name = "password"></module-option>
| <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| <application-policy name = "JmsXARealm">
| <authentication>
| <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
| flag = "required">
| <module-option name = "principal">guest</module-option>
| <module-option name = "userName">guest</module-option>
| <module-option name = "password">guest</module-option>
| <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| <!-- A template configuration for the jmx-console web application. This
| defaults to the UsersRolesLoginModule the same as other and should be
| changed to a stronger authentication mechanism as required.
| -->
| <application-policy name = "jmx-console">
| <authentication>
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag = "required">
| <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
| <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| <!-- A template configuration for the web-console web application. This
| defaults to the UsersRolesLoginModule the same as other and should be
| changed to a stronger authentication mechanism as required.
| -->
| <application-policy name = "$webConsoleDomain">
| <authentication>
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag = "required">
| <module-option name="usersProperties">web-console-users.properties</module-option>
| <module-option name="rolesProperties">web-console-roles.properties</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| <!-- A template configuration for the JBossWS web application (and transport layer!).
| This defaults to the UsersRolesLoginModule the same as other and should be
| changed to a stronger authentication mechanism as required.
| -->
| <application-policy name="JBossWS">
| <authentication>
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag="required">
| <module-option name="usersProperties">props/jbossws-users.properties</module-option>
| <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
| <module-option name="unauthenticatedIdentity">anonymous</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| </policy>
|
Anything I might try?
Axel
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3967248#3967248
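
The symptom described in this post, a callback handler that leaves the name and password callbacks unset, is a case a login module has to treat as a rejected login. The following is an added example, not part of the original post and not the poster's PveLoginModule; it uses only the standard javax.security.auth API, and the class name FailClosedLoginModule, the verify helper and the demo-user/demo-pass values are constructed for illustration:

```java
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical module name; not the poster's PveLoginModule.
public class FailClosedLoginModule implements LoginModule {
    private CallbackHandler handler;
    private String user;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        this.handler = h;
    }

    public boolean login() throws LoginException {
        if (handler == null) throw new LoginException("no CallbackHandler supplied");
        NameCallback nc = new NameCallback("Username");
        PasswordCallback pc = new PasswordCallback("Password", false);
        try {
            handler.handle(new Callback[] { nc, pc });
        } catch (java.io.IOException | UnsupportedCallbackException e) { throw new LoginException("callback failed: " + e); }
        char[] pw = pc.getPassword();   // a copy; null if the handler never set it
        pc.clearPassword();             // wipe the callback's internal copy
        try {
            // Fail closed: missing credentials never count as a successful login.
            if (nc.getName() == null || pw == null) throw new FailedLoginException("null username/password from handler");
            if (!verify(nc.getName(), pw)) throw new FailedLoginException("bad credentials");
            user = nc.getName();
            return true;
        } finally {
            if (pw != null) Arrays.fill(pw, '\0');   // wipe our copy as well
        }
    }

    // Placeholder check with constructed values; replace with the real credential store lookup.
    private boolean verify(String name, char[] pw) {
        return "demo-user".equals(name) && Arrays.equals("demo-pass".toCharArray(), pw);
    }
    public boolean commit() { return user != null; }
    public boolean abort() { user = null; return true; }
    public boolean logout() { user = null; return true; }

    public static void main(String[] args) throws Exception {
        FailClosedLoginModule m = new FailClosedLoginModule();
        m.initialize(new Subject(), cbs -> { /* constructed handler that sets nothing */ }, null, null);
        try { m.login(); } catch (FailedLoginException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Logging the rejection reason on the server side, without the password, makes it possible to tell a handler that delivered nothing apart from a wrong password.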