Thanks for your reply, yeah I've been using chapter 8 as a guide.

I'm not sure I'm with you though, there is only one login module defined in the 
"other" domain.
If I modify my code to reflect the following it should work?

   public void doGet(HttpServletRequest request, HttpServletResponse response)
         throws ServletException, IOException
   {
      // get front end parameters
      String username = request.getParameter("username");
      String password = request.getParameter("password");
      Principal user = null;
      try
      {
         // hand the caller's principal and credential to the JAAS callback handler
         SecurityAssociationHandler handler = new SecurityAssociationHandler();
         user = new MyPrincipal(username);
         handler.setSecurityInfo(user, password.toCharArray());
         // log in through the "client-login" application policy
         LoginContext loginContext = new LoginContext("client-login", handler);
         loginContext.login();
         Subject subject = loginContext.getSubject();
         Set principals = subject.getPrincipals();
         principals.add(user);
         ...
         InitialContextSingleton initContextFinder = InitialContextSingleton.getInstance();
         InitialContext initialContext = initContextFinder.getContext();

         // look up the session bean home and create the bean
         AddressSessionHome addressHome =
            (AddressSessionHome) initialContext.lookup("java:/comp/env/ejb/AddressSessionHome");
         AddressSSession addressBean = addressHome.create();
         ...
         loginContext.logout();
      }
      catch (Exception e)
      {
         ...
      }
   }

where "client-login" is defined in login-config.xml as:

<policy>
    <!-- Used by clients within the application server VM such as
    mbeans and servlets that access EJBs.
    -->
    <application-policy name = "client-login">
       <authentication>
          <login-module code = "org.jboss.security.ClientLoginModule"
             flag = "required">
             <!-- Any existing security context will be restored on logout -->
             <module-option name="restore-login-identity">true</module-option>
          </login-module>
       </authentication>
    </application-policy>
    ...
</policy>

and jboss.xml should point to a new "ejb-domain", defined as:

    <application-policy name = "ejb-domain">
       <authentication>
          <!-- com.me.MyLoginModule simply extends UsernamePasswordLoginModule -->
          <login-module code = "com.me.MyLoginModule"
             flag = "required" >
          </login-module>
       </authentication>
    </application-policy>

I'm new to JAAS, so how would I then go about keeping a user logged in for an 
entire session and for authorisation to work for say, session bean to session 
bean calls?

Many thanks.

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3949371#3949371
