Hi
Well, the client code exists in a Logon Servlet, which retrieves the username
and password from the user. The client code I posted before is then called in
this servlet to log the user onto the system. Debugging this, I can see the
username and password being correctly passed to the LoginModule implementation
inside the PasswordCallback and NameCallback, and thus the user logs on
correctly. Then, inside the same servlet, I do a lookup on an EJB home:
| InitialContextSingleton initContextFinder = InitialContextSingleton.getInstance();
| InitialContext initialContext = initContextFinder.getContext();
| // lookup() returns Object, so cast the result to the home interface
| MyEJBHome ejbHome = (MyEJBHome) initialContext.lookup("java:/comp/env/ejb/MyEJBHome");
| ejbHome.create();
At the point where ejbHome.create() is called JBoss invokes the
JaasSecurityManager which in turn invokes the logon() method in MyLoginModule
(which extends UsernamePasswordLoginModule). At this point the JBoss EJB layer
has "forgotten" the username and password used previously.
I have found one solution which seems to be to use
| Hashtable env = new Hashtable();
| env.put(Context.SECURITY_PRINCIPAL, "myusername");
| env.put(Context.SECURITY_CREDENTIALS, "mypassword");
| Context ctx = new InitialContext(env);
| ctx.lookup("java:/comp/env/ejb/MyEJBHome");
However, our InitialContext is a singleton and cannot be changed, and from what
I can work out this way of doing things is out-of-date and no longer fits with
the JAAS model.
In my login-config.xml:
| <application-policy name = "other">
|   <authentication>
|     <!-- com.me.MyLoginModule simply extends UsernamePasswordLoginModule -->
|     <login-module code = "com.me.MyLoginModule"
|                   flag = "required" >
|     </login-module>
|   </authentication>
| </application-policy>
jboss.xml for the EJB in the session-ejb.jar:
| <jboss>
|   <security-domain>java:/jaas/other</security-domain>
| </jboss>
The ejb-jar.xml simply contains roles:
| ...
| <security-role>
|   <description>View Address Details</description>
|   <role-name>role.address.me.view</role-name>
| </security-role>
| <method-permission>
|   <role-name>everyone</role-name>
|   <method>
|     <description>Remote Method: *</description>
|     <ejb-name>AddressSession</ejb-name>
|     <method-intf>Remote</method-intf>
|     <method-name>*</method-name>
|   </method>
|   <method>
|     <description>Home Method: *</description>
|     <ejb-name>AddressSession</ejb-name>
|     <method-intf>Home</method-intf>
|     <method-name>*</method-name>
|   </method>
| </method-permission>
| ...
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3949353#3949353
_______________________________________________
JBoss-user mailing list
https://lists.sourceforge.net/lists/listinfo/jboss-user