1. Re: No Principals in my Subject ???
starksm64 Sep 19, 2001 10:38 PM (in response to nuanda)
What does your client side auth.conf module look like?

2. Re: No Principals in my Subject ???
nuanda Sep 19, 2001 10:44 PM (in response to nuanda)
It's not very imaginative...I copied your default one ;-)

    other {
        // Put your login modules that work without jBoss here
        // jBoss LoginModule
        org.jboss.security.ClientLoginModule required;
        // Put your login modules that need jBoss here
    };

3. Re: No Principals in my Subject ???
starksm64 Sep 19, 2001 10:56 PM (in response to nuanda)
You're a little confused on the relationship between the client initiated login and the server side login module configuration. When you do a JAAS login, you execute the login module associated with the login entry named by the LoginContext(name, ...) name parameter. The ClientLoginModule simply takes the client username and password and associates them with the JBoss EJB invocation layer. Any EJB call made by the client after the login will be associated with the login username and password. The server side login modules are executed when an EJB call is made by the client. The server side does a separate login against the server side login modules and it is that Subject that has the roles retrieved by your LDAP login module.
You would have to use your login module on the client side to see the roles added to the client side Subject.

4. Re: No Principals in my Subject ???
nuanda Sep 20, 2001 12:20 AM (in response to nuanda)
> You're a little confused on the relationship between the client initiated login and the server side login module configuration.
No surprises there ;-)
> You would have to use your login module on the client side to see the roles added to the client side Subject.
Mmm I had noticed and wondered why/how the CallbackHandler was being accessed in the client VM when it's not a Remote obj. + I was thinking that the ClientLoginModule acted like a proxy to a server side module. Doh ;-)
Anywho, so if I deploy my custom LoginModule with the client what then does the job of "associating the username and password with the JBoss EJB invocation layer"? Or would I have to be a little clever and write a 'client-side' version of my LoginModule? Or do I associate my LoginModule _and_ the ClientLoginModule as both 'required' in the client's auth.conf? Would this then mean that the authentication process against the LDAP server happens twice...once from the client LoginModule and once from the server LoginModule?
Thanks for helping out,
Dave

5. Re: No Principals in my Subject ???
starksm64 Sep 20, 2001 2:15 PM (in response to nuanda)
> write a 'client-side' version of my LoginModule ? Or
> do I associate my LoginModule _and_ the
> ClientLoginModule as both 'required' in the client's
> auth.conf ? Would this then mean that the
> authentication process against the LDAP server
> happens twice...once from the client LoginModule and
> once from the server LoginModule?
You would always include the ClientLoginModule as required. Yes, the authentication against the LDAP server would happen twice.
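
The behaviour discussed in this thread, as an added example that is not code from the posters or from JBoss: the client-side Subject holds only what the modules in the client's own login entry put there. PassThroughModule and RoleModule are constructed stand-ins for ClientLoginModule and the custom LDAP module, the principal names are made up, and X500Principal is used only as a ready-made Principal implementation.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;

public class ClientSubjectDemo {
    // Constructed stand-in for a credential pass-through module such as
    // ClientLoginModule: login succeeds, nothing is added to the Subject.
    public static class PassThroughModule implements LoginModule {
        protected Subject subject;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; }
        public boolean login() { return true; }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    // Constructed stand-in for a role-loading module (the thread's LDAP module):
    // commit() is where principals get attached to the Subject.
    public static class RoleModule extends PassThroughModule {
        @Override public boolean commit() {
            subject.getPrincipals().add(new X500Principal("CN=dave"));   // constructed user
            subject.getPrincipals().add(new X500Principal("CN=Admin"));  // constructed role
            return true;
        }
    }

    // Runs every listed module as "required", like one entry in auth.conf.
    static Subject login(Class<?>... modules) throws LoginException {
        Configuration conf = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String entry) {
                return Arrays.stream(modules)
                    .map(m -> new AppConfigurationEntry(m.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()))
                    .toArray(AppConfigurationEntry[]::new);
            }
        };
        LoginContext lc = new LoginContext("other", null, null, conf);
        lc.login();
        return lc.getSubject();
    }

    public static void main(String[] args) throws LoginException {
        System.out.println("pass-through only:   " + login(PassThroughModule.class).getPrincipals());
        System.out.println("role + pass-through: " + login(RoleModule.class, PassThroughModule.class).getPrincipals());
    }
}
```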