I define a session bean like so:

    @Stateless
    @SecurityDomain("MySecDomain")
    public class EchoBean implements EchoRemote
    {
        // lots of stuff
    }

I have configured the security domain MySecDomain as "simple property
file"-domain in login-config.xml.
Next I run a client looking up the bean like this:

    Properties env = new Properties();
    env.setProperty(Context.SECURITY_PRINCIPAL, "peter");
    env.setProperty(Context.SECURITY_CREDENTIALS, "spiderman");
    env.setProperty(Context.INITIAL_CONTEXT_FACTORY,
        "org.jboss.security.jndi.JndiLoginInitialContextFactory");
    InitialContext ctx = new InitialContext(env);

    EchoRemote echo = (EchoRemote) ctx.lookup(EchoRemote.class.getName());

    // do funky things with the bean

If I try to authenticate with wrong credentials, I get a SecurityException and
everything's fine...
BUT if I run the client once, authenticating successfully, let it end, and
modify the code so it looks like this...

    InitialContext ctx = new InitialContext();
    EchoRemote echo = (EchoRemote) ctx.lookup(EchoRemote.class.getName());

    // do funky things with the bean

...I suddenly have unauthenticated access to the bean!
Waiting a while and trying to run the client again some minutes later results
in the expected SecurityException.
What's wrong? Did I miss something?
Thanks for reading and even more for help or explanations ;-)
Kind regards
Martin
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3913450#3913450