1 Reply Latest reply on Jun 18, 2003 9:09 AM by sradford

    Security issues with EJB to EJB communication between differ

    jarikr

      Hi,

      I have the following scenario

      1. the client connects to a session bean on server1 with the role "client"

      2. the session bean on server1 tries to connect a session bean on server2 which requries the role "server"

      My problem is: as long as I work with one server, the <run-as> tag does a good job for the role change. But when I try to connect to server2, the client role is taken, which is not sufficient. Basically I want to build up a trust relationship between the two server. The EJB-spec mentions such a trust relationship, but in the pay-doc the <run-as> tag is only explained with a server internal use-case.
      How can I build up a trust relatonship with JBoss 3.2.1?

        • 1. Re: Security issues with EJB to EJB communication between di
          sradford

          You just need to set a LoginContext for server1 to connect to server2 don't you (and configure the SecurityRealms of course)?

          Something like:

          SecurityAssociationHandler handler = new SecurityAssociationHandler();
          Principal userPrincipal = new Principal() {
          public String getName() {
          return "loginNameForServer2";
          }
          };
          handler.setSecurityInfo(userPrincipal, "passwordToUse".toCharArray());
          LoginContext loginContext =
          new LoginContext("server2SecurityRealm", (CallbackHandler) handler);
          loginContext.login();

          Regards,

          Sean