I'm sorry for not posting this sooner - Here is how I solved this problem
without writing my own authentication:
First, make sure to set up login-config.xml in
<jboss-home>/server/default/conf. Here is an example:
|
| <application-policy name="other">
|   <authentication>
|     <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
|       <module-option name="unauthenticatedIdentity">Guest</module-option>
|       <module-option name="java.naming.provider.url">ldap://<yourldapserver></module-option>
|       <module-option name="bindDN">CN=My LDAP Account,OU=GroupOU=People,DC=domain,DC=com</module-option>
|       <module-option name="bindCredential">password</module-option>
|       <module-option name="baseCtxDN">DC=domain, DC=com</module-option>
|       <module-option name="searchScope">SUBTREE_SCOPE</module-option>
|       <module-option name="allowEmptyPasswords">false</module-option>
|     </login-module>
|   </authentication>
| </application-policy>
|
I really should point out that if you don't have that last line, setting
allowEmptyPasswords=false, by default JBoss will authenticate you if you leave
the password blank. (Is this really what we want as a default??)
Anyways, once this is set up it will work in some places, but I found that in
my session beans that were actually calling ctx.getCallerPrincipal(), I needed
this annotation at the top (before the class declaration):
| @SecurityDomain("other")
|
Where "other" is whatever you named your security domain in login-config.xml
(as described above).
So in conclusion to my last comment, yes, there is an easier way. I'm not sure
why this was so difficult to find, at least for me!
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3945305#3945305
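
An added example, not part of the original post or of JBoss: a small audit script that reads a login-config.xml and reports every LDAP login module that does not set allowEmptyPasswords to false, the case the post warns about. The sample configuration, its policy names and the host name are constructed for illustration, and matching on a class name that starts with "Ldap" is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real server; host and policy names are placeholders.
SAMPLE = """<policy>
  <application-policy name="other"><authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://ldap.example.invalid</module-option>
    </login-module>
  </authentication></application-policy>
  <application-policy name="intranet"><authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="allowEmptyPasswords">true</module-option>
    </login-module>
  </authentication></application-policy>
  <application-policy name="hardened"><authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="allowEmptyPasswords"> false </module-option>
    </login-module>
  </authentication></application-policy>
  <application-policy name="files"><authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>
  </authentication></application-policy>
</policy>"""

def is_ldap_module(code):
    # Assumption: compare the simple class name so LdapLoginModule and LdapExtLoginModule both match.
    return code.rsplit(".", 1)[-1].startswith("Ldap")

def audit_login_config(xml_text):
    """Return (policy, module class, problem) for each LDAP module not set to reject blank passwords."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        for module in policy.iter("login-module"):
            code = module.get("code", "")
            if not is_ldap_module(code):
                continue
            options = {o.get("name"): (o.text or "").strip() for o in module.findall("module-option")}
            value = options.get("allowEmptyPasswords")
            if value is None:
                findings.append((policy.get("name"), code, "allowEmptyPasswords not set"))
            elif value.lower() != "false":
                findings.append((policy.get("name"), code, f"allowEmptyPasswords={value}"))
    return findings

if __name__ == "__main__":
    for policy, code, problem in audit_login_config(SAMPLE):
        print(f"{policy}: {code}: {problem}")
```

The function also accepts a bare application-policy fragment like the one in the post, as long as placeholders such as the server name are replaced so the XML is well-formed.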