4 Replies Latest reply on Oct 29, 2001 12:00 AM by jochenriekhof

    app ith multiple users possible?

    jochenriekhof
    jochenriekhof Oct 29, 2001 12:00 AM

      :) Thanks -- that was exactly it.

      Well, I'm assuming that it all works well, but unfortunately, nothing is ever easy. Our company has set up our LDAP directory so that it is impossible to search it without a special account. (i.e, the user that binds to the directory to test the authentication can't search the groups branch to see what roles they are in).

      So, I have an "admin" dn and credential that I'll need to use when doing the search for matching roles. Authentication is working great -- role matching is what is failing now. After looking at the source, this doesn't look like it would be too difficult to do -- if I can check out the CVS module, I'll probably take a crack at it.

      Do other companies do this? Would it be worth merging these changes back into into the LdapLoginModule as optional attributes?

      Anyway, thanks for all the help so far!

      • 16240 Views
      • Tags:
        • 1. Re: app ith multiple users possible?
          starksm64
          starksm64 Oct 29, 2001 12:00 AM (in response to jochenriekhof)

          You have to establish the client identity on each access to the EJB. What are you doing currently?

            • Actions
          • 2. Re: app ith multiple users possible?
            jochenriekhof
            jochenriekhof Oct 29, 2001 12:00 AM (in response to jochenriekhof)

            >You have to establish the client identity on each >access to the EJB
            Sounds good, but i don't know how to do this. I saw that normally, the ClientAuthModule registeres the name/password with SecurityAssociation - a class pooling the authinfo.
            So, all my proxy objects (each of which is connected to a jboss-ejb) must share this login info. If multiple proxy-objects (=multiple threads) now access jboss simultaneously and setting their auth-info in SecurityAssociation, a context switch would often give wrong authinfo, or am I wrong here?

              • Actions
            • 3. Re: app ith multiple users possible?
              starksm64
              starksm64 Oct 29, 2001 12:00 AM (in response to jochenriekhof)

              The ClientAuthLoginModule has a multi-threaded option to allow the identity binding to be thread specific so that multiple indepdent login identities can be maintained.

                • Actions
              • 4. Re: app ith multiple users possible?
                jochenriekhof
                jochenriekhof Oct 29, 2001 12:00 AM (in response to jochenriekhof)

                Sounds good. I don't know exactly if each RMI remote Object on remote access runs in its own and only thread? Do you know? If this is the case it sounds very promising.
                Thanks!

                Ciao

                ...Jochen

                  • Actions