2 Replies Latest reply on Mar 20, 2005 2:22 AM by jasonvenhuizen

    Authentication EJB

    mcarrion

      I have a session bean (login) with the method
      boolean authenticate(String n, String p) that returns true if the user is correct, false otherwise.

      I also have a session bean (test) with three methods, one is available for role1, the other one for the role2 and the last one for the role3.

      The login bean has permissions for everybody but I can't execute the create method because I'm not yet authenticated, so I authenticate a default user, but, when I try to execute the create I'm not yet authenticated... what should I do between lc.login(...) and loginHome.create() in the servlet code???

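      try {
          // Authenticate through the "simple" JAAS configuration entry
          DialogCallbackHandler dch = new DialogCallbackHandler();
          LoginContext lc = new LoginContext("simple", dch);
          lc.login();
          // Create the Login bean through its home interface
          Login login = homeLogin.create();
      } catch (Exception e) {
          e.printStackTrace();
      }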

      I also tried to execute the .create inside a PrivilegedAction, using the Subject.doAs(...).

      Thanks,
      M.

        • 1. Re: Authentication EJB
          starksm64

          Configure the login module to assign an unauthenticatedIdentity value (assuming it's a subclass of org.jboss.security.auth.spi.UsernamePasswordLoginModule) as is done in the default auth.conf file:

          // The default server login module
          other {
           // A simple server login module, which can be used when the number
           // of users is relatively small. It uses two properties files:
           // users.properties, which holds users (key) and their password (value).
           // roles.properties, which holds users (key) and a comma-separated list of
           // their roles (value).
           // The unauthenticatedIdentity property defines the name of the principal
           // that will be used when a null username and password are presented as is
           // the case for an unauthenticated web client or MDB. If you don't want to
           // allow such users to be authenticated remove the property.
           org.jboss.security.auth.spi.UsersRolesLoginModule required
           unauthenticatedIdentity="nobody";
          
          };
          


          If you can't do that then you can assign this inside of the jboss.xml descriptor using the unauthenticated-principal element:

          <jboss>
           <unauthenticated-principal>nobody</unauthenticated-principal>
          ...
          </jboss>
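
An added example, not part of the original reply or of JBoss: a small Python parser for the JAAS login-configuration syntax used by auth.conf that reports which entries set unauthenticatedIdentity, skipping commented-out settings that a plain text search would also match. The sample file, the `strict` entry, `com.example.StrictLoginModule` and its `debug` option are constructed for illustration.

```python
import re

# Constructed sample in JAAS login-configuration syntax. The "strict" entry and
# com.example.StrictLoginModule are hypothetical, for illustration only.
SAMPLE_AUTH_CONF = '''
other {
    org.jboss.security.auth.spi.UsersRolesLoginModule required
    unauthenticatedIdentity="nobody";
};
strict {
    com.example.StrictLoginModule required   /* no anonymous fallback */
    // unauthenticatedIdentity="guest"
    debug="true";
};
'''

TOKEN = re.compile(r'''
    /\*.*?\*/ | //[^\n]*            # comments: no named group, so skipped
  | "(?P<str>(?:[^"\\]|\\.)*)"      # quoted option value
  | (?P<punct>[{};=])               # structural characters
  | (?P<word>[^\s{};="]+)           # entry name, module class, flag, key
''', re.S | re.X)

def parse_jaas(text):
    """Return {entry: [(module_class, flag, {option: value}), ...]}."""
    toks = [(m.lastgroup, m[m.lastgroup]) for m in TOKEN.finditer(text) if m.lastgroup]
    entries, i = {}, 0
    while i < len(toks):
        if toks[i + 1] != ('punct', '{'):
            raise ValueError(f'expected "{{" after {toks[i][1]!r}')
        modules = entries.setdefault(toks[i][1], [])
        i += 2
        while toks[i] != ('punct', '}'):
            module, flag, options = toks[i][1], toks[i + 1][1], {}
            i += 2
            while toks[i] != ('punct', ';'):    # key = value pairs
                if toks[i + 1] != ('punct', '='):
                    raise ValueError(f'expected "=" after {toks[i][1]!r}')
                options[toks[i][1]] = toks[i + 2][1]
                i += 3
            modules.append((module, flag, options))
            i += 1                              # skip the module's ';'
        i += 2                                  # skip the entry's '}' and ';'
    return entries

def anonymous_domains(text, key='unauthenticatedIdentity'):
    """Map each entry to the principal names it gives unauthenticated callers."""
    return {e: names for e, mods in parse_jaas(text).items()
            if (names := [o[key] for _, _, o in mods if key in o])}
```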
          



          • 2. Re: Authentication EJB
            jasonvenhuizen

            I was able to create the LoginContext in my session bean, but after authenticating, which granted my user the proper role, I still get a security error when I try to invoke another method. Is there something I need to do to associate the login context with the current session?