Hi,
We are doing programmatic authentication with LDAP (sample code given below).
After authentication, the delegated call to another secured session bean is again
going through the security domain, even though the user has the required roles.
I.e. it is again going through the security domain, meaning the roles have not been
propagated to the Tomcat container.
// Imports needed by the two snippets below (belong at the top of the source file)
import java.util.Iterator;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.SecurityAssociationHandler;

// Perform LDAP Authentication
try
{
    SimplePrincipal user = new SimplePrincipal("testuser2");
    String pwd = "testpassword";
    String securityDomain = "LDAPDomain";
    SecurityAssociationHandler handler = new SecurityAssociationHandler();
    handler.setSecurityInfo(user, pwd);
    LoginContext lc = new LoginContext(securityDomain, handler);
    lc.login();
    // The authenticated Subject carries the principals (identity and roles)
    Subject subject = lc.getSubject();
    Iterator it = subject.getPrincipals().iterator();
}
catch(Exception e)
{
    System.out.println("** Wrong Username or Password **** ");
    e.printStackTrace();
}

// Delegating call to another session bean
try
{
    InitialContext ctx = new InitialContext();
    ClientServiceHome home_obj =
        (ClientServiceHome)ctx.lookup("shares/ClientService");
    ClientService remoteObj = (ClientService)home_obj.create();
    remoteObj.Ldap_Authentication();
}
catch(Exception e)
{
    System.out.println("**** Exception while delegating call to secured "
        + "session Bean...\n");
    e.printStackTrace();
}
LDAP Config:
<application-policy name="LDAPDomain">
  <!-- In login-config.xml the login-module elements sit inside <authentication> -->
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
                  flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://172.19.151.202:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="uidAttributeID">roleOccupant</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="principalDNSuffix">,ou=People,dc=example,dc=com</module-option>
      <module-option name="rolesCtxDN">ou=Roles,dc=example,dc=com</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <module-option name="unauthenticatedIdentity">nobody</module-option>
    </login-module>
    <login-module code="org.jboss.security.ClientLoginModule"
                  flag="required">
    </login-module>
  </authentication>
</application-policy>
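As an added diagnostic example (not code from the original post), the class below logs in the same way the post does and then lists the roles the LdapLoginModule placed into the Subject's "Roles" group, which is where JBoss keeps the roles that the session bean's security check consults. The domain name and test account are the post's own values; the class name RoleCheck and the helper methods are my own.

```java
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.SecurityAssociationHandler;

public class RoleCheck {

    // Collect the member names of the Group principal named "Roles".
    // JBoss login modules store the caller's roles in that Group; if it is
    // missing or empty, the role check on the secured session bean cannot pass.
    static Set<String> rolesOf(Subject subject) {
        Set<String> roles = new LinkedHashSet<String>();
        Iterator it = subject.getPrincipals(Group.class).iterator();
        while (it.hasNext()) {
            Group g = (Group) it.next();
            if (!"Roles".equals(g.getName())) continue;
            Enumeration members = g.members();
            while (members.hasMoreElements()) {
                roles.add(((Principal) members.nextElement()).getName());
            }
        }
        return roles;
    }

    // Log in exactly as the post does and return the roles found on the Subject.
    static Set<String> loginAndCheck(String domain, String user, String pwd)
            throws LoginException {
        SecurityAssociationHandler handler = new SecurityAssociationHandler();
        handler.setSecurityInfo(new SimplePrincipal(user), pwd);
        LoginContext lc = new LoginContext(domain, handler);
        lc.login();
        return rolesOf(lc.getSubject());
    }

    public static void main(String[] args) throws Exception {
        // Domain and test account taken from the post (test values, not real ones)
        Set<String> roles = loginAndCheck("LDAPDomain", "testuser2", "testpassword");
        System.out.println(roles.isEmpty()
            ? "No roles in the Subject: check the LdapLoginModule role options"
            : "Roles assigned by the login module: " + roles);
    }
}
```

If the printed set is empty, the server-side module never assigned the roles and the failing check on the bean is expected; if it is populated, the roles exist but are not reaching the bean call.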
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3897057#3897057
_______________________________________________
JBoss-user mailing list
https://lists.sourceforge.net/lists/listinfo/jboss-user