[jboss-user] [Security & JAAS/JBoss] - Re: Can't get access right from Java Client

Thu, 28 Sep 2006 01:58:31 -0700 

anonymous wrote : I was first using LoginInitialContextFactory. Does this 
module perform client-side authentication ?

As per the javadocs of LoginInitialContextFactory:

anonymous wrote : /** A naming provider InitialContextFactory implementation 
that combines the authentication phase
  |  * with the InitialContext creation. During the getInitialContext callback 
from the JNDI naming
  |  * layer a JAAS LoginContext is created using the login configuration name 
passed in as
  |  * the Context.SECURITY_PROTOCOL env property. The CallbackHandler used is a
  |  * org.jboss.security.auth.callback.UsernamePasswordHandler that is 
populated
  |  * with the username obtained from the Context.SECURITY_PRINCIPAL env 
property
  |  * and the credentials from the Context.SECURITY_CREDENTIALS env property.
  | */

In brief, the LoginIntialContextFactory uses the login module to which you 
passed through env.put(Context.SECURITY_PROTOCOL,...). In your case this 
happens to be:

env.put(Context.SECURITY_PROTOCOL,"CPIProject");

And your "CPIProject" points to the ClientLoginModule:

CPIProject {
  |     org.jboss.security.ClientLoginModule required
  |     password-stacking="useFirstPass"
  |     ;
  | };

As already mentioned the ClientLoginModule will just copy the login information 
and will not do any authentication.

anonymous wrote : If not, can you send me a piece of code that does perform 
client-side authentication ?

If you require authentication to be done, then the simplest one would be to use 
the UsersRolesLoginModule which authenticates using users.properties file and 
roles.properties file. So your "CPIProject" context will look like:

CPIProject {
  | org.jboss.security.auth.spi.UsersRolesLoginModule required;
  | };

Your properties file should be present in the classpath. Typically the 
users.properties file will contain something like:

#username=password
  | root=root
  | someotheruser=pass1

The roles.properties will contain the username and role mappings.


View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3974795#3974795

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3974795
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user

Reply via email to