Jboss clientLoginModule authentication Posted: May 18, 2003 10:39 PM
I am using JBoss 2.4.10 and have read about JAAS authentication and so forth.
I have configured the sample client with auth.conf set up externally and inside Java, with
System.setProperty("java.security.auth.login.config", "auth.conf");
AppCallbackHandler handler = new AppCallbackHandler("test", "test");
LoginContext lc = new LoginContext("my-client", handler);
all set up.
JBoss allows me to log in successfully at all times.
I output the login user/password parameters through the callback method with no problem.
But practically, how do I make sure that those users not in the "list" can't log in to use my EJB?
I can't find the match of users.properties and roles.properties with the LoginContext above.
Anyone? BTW, thank you.
Regards,
Pete
Re: Jboss clientLoginModule authentication Posted: May 21, 2003 5:35 AM
I have made the JAAS authentication work with JBoss 2.4.10 by checking the user's principal against users.properties / roles.properties / my-client.properties.
My EJB's META-INF jboss.xml file contains the following:
<security-domain>java:/jaas/@security-domain@</security-domain>
<enterprise-beans>
..
..
It works only if I deploy the EJB directly into the deploy folder. When I log in with an invalid user id or password, the JBoss server will invoke a SecurityException error.
BUT if I start JBoss from the command prompt with the previous EJB already loaded in the deploy folder, then
JBoss no longer authenticates against the user id and password; even a wrong id and/or password allows the client to invoke the bean. Why?
Regards,
Pete
The ClientLoginModule does no authentication work. It just passes the login information to the server.
So if you want to authenticate on the client, ClientLoginModule is not the right choice.
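The behaviour described in the last reply, shown with plain JAAS from the JDK as an added example (not part of the thread and not JBoss code): a login module that only collects the name and password lets LoginContext.login() succeed for any credentials, while one that compares them against a user list rejects a wrong password. DemoModule, its "check" option, the USERS map and PassThroughDemo are hypothetical names made up for this sketch; it needs Java 9 or later for Map.of.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class PassThroughDemo {
    static final Map<String, String> USERS = Map.of("test", "test"); // constructed user=password list
    // Hypothetical module, not JBoss code: verifies the password only when option check=true.
    public static class DemoModule implements LoginModule {
        private CallbackHandler handler;
        private boolean check;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            handler = h;
            check = "true".equals(opts.get("check"));
        }
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user");
            PasswordCallback pc = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] { nc, pc }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            if (!check) return true; // pass-through: credentials are collected, never verified
            if (new String(pc.getPassword()).equals(USERS.get(nc.getName()))) return true;
            throw new FailedLoginException("unknown user or wrong password");
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    static boolean tryLogin(boolean check, String user, String pw) {
        // In-memory JAAS configuration holding only DemoModule, in place of an auth.conf file.
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of("check", "" + check)) };
            }
        };
        CallbackHandler h = cbs -> {
            for (Callback c : cbs)
                if (c instanceof NameCallback) ((NameCallback) c).setName(user);
                else if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword(pw.toCharArray());
        };
        try { new LoginContext("my-client", null, h, cfg).login(); return true; }
        catch (LoginException e) { return false; }
    }
    public static void main(String[] args) {
        System.out.println("pass-through, wrong password: " + tryLogin(false, "test", "wrong"));
        System.out.println("checking, wrong password:     " + tryLogin(true, "test", "wrong"));
        System.out.println("checking, right password:     " + tryLogin(true, "test", "test"));
    }
}
```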