4 Replies Latest reply on Jan 13, 2005 12:00 AM by starksm64

    MBean access to secured EJB

    kashpaw

      Um, I guess I may be confused.

      I secured my session beans by specifying my own security domain, which uses the provided DatabaseServerLoginModule. Clients access the secured session beans by specifying "other", as given in the client-side auth.conf (a ClientLoginModule). On accessing the session beans authentication works fine.
      The server side uses the DatabaseServerLoginModule, specified in mySecurityDomain.

      Here's my difficulty: I have an MBean that periodically calls on my secured session beans. I specify "client-login" domain to the MBean's LoginContext (again, a ClientLoginModule), but on invoking the first secured method (create), the server barks with:

      [Default] javax.security.auth.login.FailedLoginException: No matching username found in Principals
      [Default] at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:96)
      [Default]
      [Default] at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:103)....

      If I instead specify "MySecurityDomain", the same thing still happens.

      How do I get the identity propagated into the right place?

      TIA,
      kashpaw

        • 1. Re: MBean access to secured EJB
          kashpaw

          I've put a few printlns in, and found that username is null when UsernamePasswordLoginModule.getUsernameAndPassword() tries to collect it from the callbackHandler. That's strange because this code works when I start a client that uses the client auth.conf "other" (a ClientLoginModule). When I use the server auth.conf "client-login" (a ClientLoginModule) for my MBean, it doesn't. Looking at the ClientLoginModule code now.

          • 2. Re: MBean access to secured EJB
            kashpaw

            No joy. Anyone have a clue why this works over the network, but not in the same vm?

            • 3. Re: MBean access to secured EJB
              kashpaw

              Okay, I got it to work. Since my MBean was using TimerMBean to periodically kick off some thread, I have to (programmatically) log in (and log off) each time. But I'm still confused: reading the code for SecurityAssociation, I gather that the default is for the security association to be available on a VM-wide basis, and that threadlocal is only turned on when setServer() is called. If that's the case, why must I log in each time? I must be misinterpreting something.

              • 4. 6472
                starksm64
