We are using a JAAS login in an MBean (JBoss 2.4.3).
It's working the same way as from the client.
Important parts:
create a LoginContext with "client-login"
in auth.conf of the server, check that the configuration for client-login exists:

client-login {
    org.jboss.security.ClientLoginModule required;
};

Hope this helps
Annegret
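
The login described in this reply, as an added example that is not part of the original message or of JBoss itself. It uses only the standard javax.security.auth API; the class name TimerTaskLogin, the method runAs and the handler FixedCredentials are hypothetical, and the user name and password are assumed to be supplied by the caller (for example from the MBean's configuration).

```java
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class TimerTaskLogin {                      // hypothetical helper class
    /** Hands a fixed name and password to whichever login module asks. */
    static final class FixedCredentials implements CallbackHandler {
        private final String user;
        private final char[] password;
        FixedCredentials(String user, char[] password) {
            this.user = user;
            this.password = password.clone();
        }
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        }
        void clear() { Arrays.fill(password, '\0'); }
    }

    /** Runs the task between login() and logout() on the "client-login" entry. */
    public static void runAs(String user, char[] password, Runnable task) throws LoginException {
        FixedCredentials creds = new FixedCredentials(user, password);
        try {
            // "client-login" must match the entry name in the server's auth.conf.
            LoginContext lc = new LoginContext("client-login", creds);
            lc.login();          // ClientLoginModule records the identity; the bean's
            try {                // security domain checks it when the bean is invoked.
                task.run();      // the bean calls made by the scheduled task go here
            } finally {
                lc.logout();     // do not leave the identity behind for the next task
            }
        } finally {
            creds.clear();       // wipe the handler's copy of the password
        }
    }
}
```

A wrong password does not make login() fail here, because ClientLoginModule does not verify credentials itself; the failure shows up as a security exception on the first bean invocation inside the task.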
-----Original Message-----
From: Benoit Xhenseval [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 19 September 2002 12:28
To: [EMAIL PROTECTED]
Subject: [JBoss-user] Re: Security Roles not accessible in beans? (Scott M Stark)

Thanks for the prompt answer.

Is there any plan (or patches-out-there) that would forward the run-as role to the application
component? Is JBoss 3.x similar? I do not know the J2EE spec well enough but guess that it must
be a grey area. However, the current implementation is "counter-intuitive". Our beans can be
accessed by a client app but also MDB and timer clients.

We tried to do a JAAS login in the schedulable task (using the MBean Timer) but it does not seem
to work, it is still using the unauthenticatedIdentity. Has anyone managed this?

We might want to have a look at propagating the role, if there is some interest and it is not
"wrecking" the current architecture. Could you give us any pointers?

Many thanks
Benoit

>That is the current implemented behavior. The run-as role is only available to
>the declarative security layer, not the application component.
>xxxxxxxxxxxxxxxxxxxxxxxx
>Scott Stark
>Chief Technology Officer
>JBoss Group, LLC
>xxxxxxxxxxxxxxxxxxxxxxxx
----- Original Message -----
From: "Benoit Xhenseval" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 18, 2002 1:17 PM
Subject: [JBoss-user] Security Roles not accessible in beans?
> Hi
>
> We are using JBoss 2.4.4. with JAAS and the DatabaseUserLoginModule.
>
> In some part of the ejb code, we are using getContext().isCallerInRole(xxxxx)
> and everything works fine... Except in this case and we wonder if
> 1/ it is normal behaviour
> 2/ it is a bug
> 3/ if there is a workaround or patch...
>
> Here is the scenario:
>
> One Stateless Session bean, say bean1, has the security set to <unchecked/> as it is called by the
> MBEAN Timer.
> The JAAS module defines "nobody" as the unauthenticated user.
> The Session bean defines <run-as>Manager</Manager> in the ejb-jar.xml as the bean will call other
> beans, say bean2. bean2 has security only allowing users with role "Manager" to access it.
>
> The symptom: the context in bean2 does not seem to have ANY role when it is called from bean1.
> bean1 can access bean2 but bean2 ALWAYS fails on getContext().isCallerInRole(xxxxx)
>
> It works fine from a client with a JAAS login, we can test the roles if required.
>
> getContext().getCallerPrincipal().getName() will give you "nobody" as expected.
>
> We were under the impression that the <run-as> role should be passed to the context in bean2! Is
> it a known bug? Has anyone faced something similar?
>
> Many thanks in advance,
>
> Benoit.
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user