1. Re: Calling other secured EJB using multiple LoginContext
superchipchipchip Sep 10, 2002 3:46 PM (in response to superchipchipchip)

I have figured out a way to do this. Just posting it here if anyone is interested. However, the approach is not really desirable as it involves security logic in the code and it is JBoss specific; nevertheless it solves my problem.

In order to authenticate to another JBoss instance, the client EJB has to create a LoginContext. However, doing this will overwrite the existing credential. What I've done is save the current credential, then log in with the remote credential, call the remote functions and then restore the original credential. The following is the code:

    // save current credential
    Object currentCredential = org.jboss.security.SecurityAssociation.getCredential();
    java.security.Principal currentPrincipal = org.jboss.security.SecurityAssociation.getPrincipal();
    javax.security.auth.Subject currentSubject = org.jboss.security.SecurityAssociation.getSubject();
    // create login context
    javax.security.auth.login.LoginContext lc = null;
    boolean loggedIn = false;
    char[] password = decryptedPassword.toCharArray();
    org.jboss.security.auth.callback.UsernamePasswordHandler thisCallbackHandler = new org.jboss.security.auth.callback.UsernamePasswordHandler(login, password);
    // the enclosing method must declare or handle LoginException, NamingException
    // and whatever the remote method throws
    try {
        // "Client-Domain" should be defined in login-config.xml, which uses ClientLoginModule
        lc = new javax.security.auth.login.LoginContext("Client-Domain", thisCallbackHandler);
        lc.login();
        loggedIn = true;
        // get the remote interface
        java.util.Properties jndiProps = new java.util.Properties();
        jndiProps.setProperty("java.naming.factory.initial", "org.jnp.interfaces.NamingContextFactory");
        jndiProps.setProperty("java.naming.provider.url", remoteServer);
        jndiProps.setProperty("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces");
        javax.naming.InitialContext remoteIC = new javax.naming.InitialContext(jndiProps);
        Object ref = remoteIC.lookup(jndiName);
        somebean thebean = (somebean) javax.rmi.PortableRemoteObject.narrow(ref, somebean.class);
        // invoke remote method
        thebean.runSomething();
    } finally {
        try {
            // logoff (only if the login succeeded)
            if (loggedIn) {
                lc.logout();
            }
        } finally {
            // recover the original credentials, even if the login, lookup,
            // remote call or logout threw an exception
            org.jboss.security.SecurityAssociation.setCredential(currentCredential);
            org.jboss.security.SecurityAssociation.setPrincipal(currentPrincipal);
            org.jboss.security.SecurityAssociation.setSubject(currentSubject);
        }
    }
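
The code comment above says `Client-Domain` must be defined in login-config.xml with ClientLoginModule. What follows is an added example of that entry, not taken from the post. Later JBoss AS releases document a `restore-login-identity` option on ClientLoginModule that does the save-and-restore itself; that the JBoss version used in this thread supports it is an assumption to check against that version's documentation.

```xml
<!-- login-config.xml on the calling JBoss instance (the one hosting the client EJB) -->
<application-policy name="Client-Domain">
  <authentication>
    <!-- ClientLoginModule does not verify anything locally: it only binds the
         supplied username/password to the invocation layer, and the remote
         server authenticates the call. -->
    <login-module code="org.jboss.security.ClientLoginModule" flag="required">
      <!-- Save the principal and credential seen on entry to login() and put
           them back on logout() or abort(). With the default (false), logout()
           and abort() simply clear the SecurityAssociation, which is why the
           code above has to restore the caller identity by hand. -->
      <module-option name="restore-login-identity">true</module-option>
    </login-module>
  </authentication>
</application-policy>
```

Where the option is available, `lc.logout()` should still run in a `finally` block so the remote identity never stays bound to the calling thread after a failed call.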