----- Original Message -----
From: "Colin Sampaleanu" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 03, 2001 9:03 PM
Subject: [JBoss-user] JBoss and JDK 1.2.2
> Is JBoss completely usable under JDK 1.2.2, including security?
>
> I am a little bit confused (and looking at the mailing list archives and all
> the documentation has not helped). The (new) documentation mentions setting
> the bean containers properly for JDK 1.2x; that is pretty clear. W/regards
> to the security on the other hand, looking at 'JBossSX Security Extension
> Framework' and 'JAAS Based Security in JBoss' it would seem like the
> security support is mostly all JAAS (which is JDK 1.3 only) based. This is
> with the exception of plugging in some sort of custom security manager and
> realm mapping based on one of the samples in
> org.jboss.security.plugins.samples.
>
> Is this the case?
The security integration layer has no dependency on JAAS, but the
default JBossSX security manager implementation is JAAS based and
therefore requires 1.3. I would expect that you could actually use the
JAAS LoginModules under 1.2 as only the SubjectDomainCombiner relies
on 1.3 classes and this should not be involved duriing authentication. If it
does not work then you would have to implement your own versions of
the EJBSecurityMgr and RealmMapping interfaces. There are non-JAAS
based examples in the jboss module in the org.jboss.security.plugins.samples
package.
>
> As an aside, I do not understand how security context information is
> actaully being propogated through JNP when doing a 1.1 style lookup and
> usage of a bean. The client supplies the principal and credentials when
> getting the connection, but JNP simply supplies code for doing bindings and
> lookups, and relies on builtin RMI code for support services like transport;
> when and how is security context information sent over so that it can later
> be used/validated when calling bean methods?
>
JNDI is not used for identity progation in JBoss. The principal and credentials
are associated with the client side EJB proxy layer using the
org.jboss.security.SecurityAssociation
class. These values are marshalled along with the EJB home and remote interface method
invocations. The standard way to set this information is to do a JAAS login using
the org.jboss.security.ClientLoginModule. This simply sets the SecurityAssociation
principal and credentials to those passed in via the application CallbackHandler.
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
