3 Replies Latest reply on May 13, 2004 5:23 AM by urunkulia

    MDB, LoginContext, RunAs

    rp28
    rp28 Sep 26, 2003 1:08 PM


      I have a MDB successfully running but I would like to make calls to various session beans under a certain user context, so I'm attempting to do something as follows:



      UsernamePasswordHandler a = new UsernamePasswordHandler("test","test");
      LoginContext lc = new LoginContext("simple", a);

      lc.login();

      Subject s = lc.getSubject();

      Subject.doAs(s,new PrivilegedAction() {
      public Object run() {


      SomeSessionHome uh = [get home ]

      SomeSession un = uh.create();

      ....
      }});

      All is fine, and the authentication is working successfuly against my .properties files as I get an error with an invalid password, however the calls to the .create fails with

      java.lang.SecurityException: Authentication exception, principal=null

      Any ideas what I might be missing?

      • 3207 Views
      • Tags:
        • 1. Re: MDB, LoginContext, RunAs
          rp28
          rp28 Sep 26, 2003 4:13 PM (in response to rp28)


          I needed to add
          <login-module code = "org.jboss.security.ClientLoginModule"
          flag = "required">
          </login-module>

          as the last item in the section to the appropriate <application-policy> in the login-conf.xml.

            • Actions
          • 2. Re: MDB, LoginContext, RunAs
            urunkulia
            urunkulia May 12, 2004 7:49 AM (in response to rp28)

            Hi rp28,

            I have the same problem with a MDB, that calls various secured session beans. These session are configured with <use-caller-identity/>.

            The MDB has no security identity due to asynchronous communication. I have tried using <run-as><role-name> with the MDB, but an AuthenticationException, principal=null is thrown.

            So I have tried to solve this problem with the code snippet you had written to get a security identity that can be passed to the session beans.

            The code snippet from the onMessage method of my MDB (JBoss 3.2.3 w/ Tomcat):

            CallbackHandler callbackHandler = new UsernamePasswordHandler(username, password);
 LoginContext lc = new LoginContext("test", callbackHandler);
 lc.login();
 Subject subject = lc.getSubject();
 Subject.doAs(subject, new PrivilegedAction() {
 public Object run() {

 MySessionLocalHome home = [getHome];
 MySession mySession = home.create();
 return null;
 }
 });
mySession.callSomeMethods();


            In login-config.xml I configured my <application-policy> with DatabaseServerLoginModule which works fine as long as I don't use MDBs.

            Though I get an AuthenticationException, principal=null.

            Any ideas? Have I forgotten to configure something? Any help would be appreciated.

              • Actions
            • 3. Re: MDB, LoginContext, RunAs
              urunkulia
              urunkulia May 13, 2004 5:23 AM (in response to rp28)

              Hi,

              I've got a solution for my problem.

              This Thread helped to solve my problem:
              http://jboss.org/index.html?module=bb&op=viewtopic&t=38229

              I had to add another login module in login-config.xml:
              <login-module
              code = "org.jboss.security.ClientLoginModule"
              flag = "required">
              </login-module>

              I am using DatabaseServerLoginModule but it will only work correctly with the ClientLoginModule. The CallerIdentity is now passed from my MDB to my SessionBeans.

                • Actions