2 Replies Latest reply on Feb 6, 2004 10:52 AM by starksm64

    JAAS question

    yxyang Feb 6, 2004 4:30 AM

      Hello

      I am new to JAAS.

      Because of the special requirement of the project, the identy ID and credential of the clients are not known until one of my session bean to caculate them based on the input of the clients. So, my question is :

      (1)Is it possible to do JAAS login() in a session bean so that the client is authorized to invoke other methods?

      (2) How to? Any examples?

      Regards
      yang

      • 1676 Views
      • Tags:
        • 1. Re: JAAS question
          juha Feb 6, 2004 10:12 AM (in response to yxyang)

          Standard ejb-jar.xml allows you to set security roles per method, just leave the one that calculates the identity as < unchecked/>.

          You can do client side login() after invoking this method.

            • Actions
          • 2. Re: JAAS question
            starksm64
            starksm64 Feb 6, 2004 10:52 AM (in response to yxyang)

            Yes, the session bean can do a login and use the ClientLoginModule to set the caller identity for subsequent calls. If your trying to invoke secured methods on the bean doing the login, you will have to obtain the remote/local interface from the session context and invoke the methods through that or else you are bypassing the security checks.

            There is an example of a servlet calling into the ejb layer after a jaas login in the testsuite called org.jboss.test.web.servlets.ClientLoginServlet

              • Actions