Christophe Ney wrote:
>>using another authentication mechanism is fine
>>as long as you make sure that the required Security context is
>>propagated by Jeremie (achieved by the interceptor that ships with JOnAS).

OK, having scaled the dizzy heights of getting the security example to run, 
I'm now trying to do my own authentication without Tomcat. Looking at 
SecurityCtxInterceptor31.java I thought the following Authenticator EJB 
(stateless session bean) would do the trick. The idea is that your client 
would call authenticate() on it in order to get authenticated. And it 
bypasses jonas-users.properties by directly inserting the username and 
associated roles into RoleMechanism. However, it doesn't work, and I'm 
pretty sure it's because the security context doesn't propagate. In fact 
when subsequently I call a secured method I'm getting the same 
NullPointerException I was complaining about earlier.

If I substitute in my own SecurityReceiver and modify the methods to trace 
out the current context and associated principal, I can see the principal I 
have set is initially in the SecurityContext, but on subsequent calls 
reverts to JOnAS_client. So what's the trick needed to get the context to 
propagate?

Thanks in advance!
Joe

import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.ejb.EJBException;

public class AuthenticatorBean extends SimpleSessionBean
{
   public boolean authenticate(String sUsername,String sPassword)
   {
      // Bind the credentials as parameters instead of concatenating them
      // into the SQL text, so quotes in the input cannot alter the query.
      String sql = "select * from ACCT where Uname=? and Pwd=?";
      try (PreparedStatement ps = getConnectionSomehow().prepareStatement(sql))
      {
         ps.setString(1, sUsername);
         ps.setString(2, sPassword);
         try (ResultSet rs = ps.executeQuery())
         {
            if (rs.next())
            {
               // Associate this user with the appropriate roles via JOnAS's RoleMechanism.
               String[] roles = {"user"};
               RoleMechanism.getInstance().addMapping(sUsername,roles);

               // Make this user authenticated by creating a SecurityContext.
               SecurityContext ctx = new SecurityContext(sUsername);
               SecurityCurrent current = SecurityCurrent.getCurrent();
               current.setSecurityContext(ctx);

               return true;
            }
            return false;
         }
      }
      catch (SQLException e) {throw new EJBException(e);}
   }
}

=====================================================================
Joe Gittings, Royal Botanic Gardens, Kew
Hanover House, Kew, Richmond, Surrey TW9 3AB

[EMAIL PROTECTED]
+44 20 8332 5712
fax: +44 20 8332 5736
