-
1. Re: MDB, LoginContext, RunAs
rp28 Sep 26, 2003 4:13 PM (in response to rp28)
I needed to add
<login-module code = "org.jboss.security.ClientLoginModule"
flag = "required">
</login-module>
as the last item in the section to the appropriate <application-policy> in the login-conf.xml. -
2. Re: MDB, LoginContext, RunAs
urunkulia May 12, 2004 7:49 AM (in response to rp28)Hi rp28,
I have the same problem with a MDB, that calls various secured session beans. These session are configured with <use-caller-identity/>.
The MDB has no security identity due to asynchronous communication. I have tried using <run-as><role-name> with the MDB, but an AuthenticationException, principal=null is thrown.
So I have tried to solve this problem with the code snippet you had written to get a security identity that can be passed to the session beans.
The code snippet from the onMessage method of my MDB (JBoss 3.2.3 w/ Tomcat):CallbackHandler callbackHandler = new UsernamePasswordHandler(username, password); LoginContext lc = new LoginContext("test", callbackHandler); lc.login(); Subject subject = lc.getSubject(); Subject.doAs(subject, new PrivilegedAction() { public Object run() { MySessionLocalHome home = [getHome]; MySession mySession = home.create(); return null; } }); mySession.callSomeMethods();
In login-config.xml I configured my <application-policy> with DatabaseServerLoginModule which works fine as long as I don't use MDBs.
Though I get an AuthenticationException, principal=null.
Any ideas? Have I forgotten to configure something? Any help would be appreciated. -
3. Re: MDB, LoginContext, RunAs
urunkulia May 13, 2004 5:23 AM (in response to rp28)Hi,
I've got a solution for my problem.
This Thread helped to solve my problem:
http://jboss.org/index.html?module=bb&op=viewtopic&t=38229
I had to add another login module in login-config.xml:
<login-module
code = "org.jboss.security.ClientLoginModule"
flag = "required">
</login-module>
I am using DatabaseServerLoginModule but it will only work correctly with the ClientLoginModule. The CallerIdentity is now passed from my MDB to my SessionBeans.