4 Replies Latest reply on Nov 22, 2001 8:38 AM by jwkaltz

    Passing credentials to JBoss

    parisd

      Hi,

      I'm trying to use a database login module. Setting it up was OK, but now I get a java.lang.SecurityException: Authentication exception, principal=null

      The client is a web page (on Tomcat) but login is not done in any of the standard ways (form, etc.) that can be defined in the web.xml file. Instead it is done manually by looking up the username/password in the database. So I think that the question is how to inform JBoss that a user has logged in, so that when they try to access an EJB, JBoss can perform the necessary authentication?

      TIA

      Paris

        • 1. Re: Passing credentials to JBoss
          parisd

          OK, it seems I managed to find it myself :)

          Just for the record, and in case I got something wrong:
          I have an AppCallbackHandler class (found it somewhere on the web :)) which supplies the name and password when required from the LoginContext. The LoginContext on the client uses the ClientLoginModule, and on the server the DatabaseServerLoginModule.

          Another point which got me a bit confused in the beginning: the Roles table will have 2 (or possibly more?) entries for each principal: one with RoleGroup = Roles (its Role value is what should match the security setting in ejb-jar.xml) and one with RoleGroup = CallerPrincipal (its Role value being what is returned from the EJB when context.getCallerPrincipal() is called).

          If this is not really how it should be, please let me know.

          Cheers,
          Paris

          • 2. Re: Passing credentials to JBoss
            foglesa

            The Roles table could have multiple entries.

            In my case I have the following roles...

            Admin
            Manager
            User

            An admin will have all 3 roles (thus 4 entries in the roles table)

            A Manager will have 3 entries (2 roles plus CallerPrincipal)

            and a user will have 2.

            So there are possibly n+1 entries in the table where n=# of possible roles.

            Al

            • 3. Re: Passing credentials to JBoss
              parisd

              Just one more question:

              From my tests, it seems that all JSP pages that access an EJB have to create a LoginContext and call login() first.

              Is it possible to only do that once for each session? So that you only call it at login, and then all subsequent calls from that session have the correct credentials associated with them?

              Thanks,
              Paris

              • 4. Re: Passing credentials to JBoss
                jwkaltz

                The problem is, your JSPs are shared (by all sessions). So before calling JBoss in a JSP, you need to update your credentials, otherwise your call is done with whatever user credentials were set the first time.

                I store the credentials in the HttpSession, and in every servlet call which needs to call JBoss I retrieve the credentials and perform the JBoss client-side login. Of course you can encapsulate this behaviour very nicely in some class called JBossHandle or something.

                You need to do this if you're using a standalone Tomcat. If you use the embedded JBoss/Tomcat, I think this mechanism is taken care of for you.
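
The per-request client-side login discussed in this thread, as an added example that is not part of any post and is not JBoss's own code. It assumes a JAAS configuration entry named `client-login` that lists the ClientLoginModule; the class name `JBossHandle` follows the suggestion in reply 4, `callAs` is a hypothetical method name, and the caller is assumed to read the username and password back from the HttpSession before each call.

```java
import java.io.IOException;
import java.util.concurrent.Callable;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;

/** Hypothetical helper: wraps one EJB call in a client-side JAAS login/logout. */
public final class JBossHandle {
    // Assumed name of the JAAS configuration entry that lists ClientLoginModule.
    private static final String JAAS_ENTRY = "client-login";

    /** Supplies the stored name and password when the LoginContext asks for them. */
    static final class AppCallbackHandler implements CallbackHandler {
        private final String username;
        private final char[] password;

        AppCallbackHandler(String username, char[] password) {
            this.username = username;
            this.password = password.clone(); // keep a private copy
        }

        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(username);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb, "Unsupported callback");
                }
            }
        }
    }

    /** Logs in as the session's user, runs the EJB call, and always logs out. */
    public static <T> T callAs(String username, char[] password, Callable<T> ejbCall) throws Exception {
        LoginContext lc = new LoginContext(JAAS_ENTRY, new AppCallbackHandler(username, password));
        lc.login();
        try {
            return ejbCall.call();
        } finally {
            lc.logout(); // runs the module's logout phase so this identity is not left for the next request
        }
    }
}
```

Doing the login and logout around every call, rather than once per session, keeps a request on a shared servlet thread from running with whichever user logged in on that thread before it.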