Principals from MessageBean

mkprim Nov 27, 2003 3:58 PM

Hello, I'm using JBoss 3.2.2 over linux.
I wanted to know if there is any way to authenticate a user on a Message Driven Bean, getting the user's subject, role or anything that might help for calling a secured Session Bean from the MDB.
Actually, I can login users through the DatabaseServerLoginModule, but they always appear in the "guest" role. Can this be changed to the "real" role?
Thanks a lot.
Marcelo

1. Re: Principals from MessageBean

jamesstrachan Nov 28, 2003 5:52 AM (in response to mkprim)

Marcelo,

There is no way of getting at user information because Message Driven Beans are anonymous.

The EJB Spec. 2.0 says, on Page 320, "Invoking the getCallerPrincipal and isCallerInRole methods is disallowed in the message-driven bean methods because the Container does not have a client security context".

You could use a "run-as" principal within the Deployment Descriptor to supply a role that is allowed to perform the methods that you wish to access (see Page 447).

That still doesn't give you access to the real identity of the message sender, but would allow you to call the secured Session Bean.

James
Actions
2. Re: Principals from MessageBean

mkprim Nov 28, 2003 9:53 AM (in response to mkprim)

OK, I understand. That's bad news.
Can I get a workaroud, sending the username and password in the JMS Message, creating the LoginContext and doing loginCxt.login() ?

Thanks for your reply.
Marcelo
Actions

Go to original post