1 Reply Latest reply on Sep 24, 2001 3:24 AM by jwkaltz

    simple question

    osw

      Hi
      I'm quite new to both JAAS and JBoss security model.
      I wrote my own client LoginModule which logins user with specified Subject. Next step as I understand is to get InitialContext to locate home interfaces and so on.
      JBoss documentation says:
      ======================
      The client at some later point obtains the home interface for an EJB and attempts to create a bean. This results in a home interface method invocation that is sent to the JBoss server. The invocation includes the method arguments passed by the client along with the user identity and credentials.======================
      How do user identity and credentials pass along with method argumetnts ?
      These instances seem to me fully independent: LoginContext and InitialContext. What mechanism is responsible for passing them together ?

      Thanks in advance.

        • 1. Re: simple question
          jwkaltz

          I just went through the same questions last week and here is my understanding :
          you need to have ClientLoginModule (from JBoss) in addition to any of your own login modules (in the JAAS configuration). When you do login(), your login modules + the JBoss ClientLoginModule are then executed. The execution of ClientLoginModule binds user identity and credentials to JBoss, so afterwards they will be automatically passed in calls to JBoss. You do not explicitly set them in InitialContext or anywhere else.

          (As I am also quite new to this model I welcome any corrections)