5 Replies Latest reply on Oct 3, 2003 1:30 PM by juha

    Java Swing client and JBoss strategy

    jobor

      Hello,

      I have read a lot in the documentation but to me JAAS in JBoss is still confusing. So I have a question about the security strategy that I have to follow. I can't find a good code example like our situation.
      We are using a total separate Swing client with JBoss on the server (session beans logic). The database behind JBoss differs from Oracle to MySQL.
      What is the way to single sign on to JBoss from the Swing client so I can use the J2EE security (roles) propagation in the EJB's?
      The users are in the database.
      I read about a database login module but can I e.g. use that on a standalone Swing client?
      So how can I do authentication from a Swing client using JAAS with JBoss.

      Can anybody give me a good hint or point me to additional examples or documentation?

      Many thanks in advance,

      Johan

        • 1. Re: Java Swing client and JBoss strategy

          Configure a database login module. Your swing client won't use it directly, rather every EJB invocation it makes to the server side will be authenticated with the user information from the database. If you want to have a login screen at the beginning of your Swing app to authenticate the user, just send a noop EJB invocation with the username and password you collected from your login dialog.

          -- Juha

          • 2. Re: Java Swing client and JBoss strategy
            jobor

            Thanks for the answer. But I have a next question after trying this construction in a test.
            I receive an error form JBoss from the SecurityInterceptor checkSecurityAssociation method saying "Authentication exception, principal=".
            On the client i did a succesful implementation of the ClientLoginModule I think but what I see and think is that the username is not transported to JBoss?
            What could be wrong.

            Johan

            • 3. Re: Java Swing client and JBoss strategy
              jobor

              Another file which is important and I forgot to attach.

              Johan

              • 4. I solved the problem
                jobor

                Yes I did. The only thing I did was removing the line with the text "password-stacking="useFirstPass"" in the file myjaas.config. I don't know why I had this line in my file but I think I copied it from an example.
                I also do not know, at this moment, the meaning of this property. Maybe sometime later. The important thing is I can make a Swing GUI with security on JBoss.

                Johan

                • 5. Re: I solved the problem

                  The useFirstPass option applies if you are using more than one login module in your JAAS Configuration and only want authentication done once.

                  -- Juha