Servlet access to secure EJB
mjeffrey Jul 4, 2002 1:15 PM
This seems to be a bug in JBoss - any comments?
I have a secured EJB method that I would like to call from a servlet.
For various reasons I want to authenticate without prompting the user and, for the moment, I have hardcoded the username and password.
(If you're interested, what I want to do is start a web browser from a Java Application and display a page which accesses a secure EJB - authentication data in the form of a one-time-valid-token will be supplied on the command line)
I have created a callback handler which sets the username and password (see below) and I call this from the servlet (this works - if I set the password incorrectly I get a failed login message, otherwise it is OK).
When I try to access the EJB I get the exception java.lang.SecurityException: Authentication exception, principal=null
If I set up BASIC authentication in the web.xml then I can access the EJB but the user has to authenticate themselves using the normal dialog.
I have also got this working with a standalone client - is it possible with a servlet?
I am using JBoss 3.0 production.
Any help greatly appreciated.
thanks,
Mark
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class ServletLoginHandler
{
    // Supplies the username and password to the JAAS login modules.
    static class ServletCallbackHandler implements CallbackHandler
    {
        private String username;
        private String password;
        private long userID;

        ServletCallbackHandler(long userID)
        {
            this.userID = userID;
            System.out.println("In ServletCallbackHandler userID=" + userID);
        }

        // Credentials are hardcoded for the moment.
        private void getUsernamePassword()
        {
            this.username = "d";
            this.password = "d1";
        }

        public void handle(Callback[] callbacks)
            throws java.io.IOException, UnsupportedCallbackException
        {
            getUsernamePassword();
            System.out.println("Handling callback");
            for (int i = 0; i < callbacks.length; i++)
            {
                // Test each element, not the array itself.
                if (callbacks[i] instanceof NameCallback)
                {
                    NameCallback nc = (NameCallback) callbacks[i];
                    nc.setName(username);
                    System.out.println("Handling callback, user=" + username);
                }
                else if (callbacks[i] instanceof PasswordCallback)
                {
                    PasswordCallback pc = (PasswordCallback) callbacks[i];
                    pc.setPassword(password.toCharArray());
                    // The password itself is not written to the log.
                    System.out.println("Handling password callback");
                }
                else
                {
                    throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
                }
            }
        }
    }

    // Static helper class, never instantiated.
    private ServletLoginHandler()
    {
    }

    // Runs a JAAS login against the "HRBaseClient" login configuration.
    public static void doLogin(long userID)
    {
        try
        {
            ServletCallbackHandler handler = new ServletCallbackHandler(userID);
            LoginContext lc = new LoginContext("HRBaseClient", handler);
            lc.login();
        }
        catch (LoginException le)
        {
            le.printStackTrace();
        }
    }
}