1 Reply Latest reply on Sep 24, 2004 1:14 PM by starksm64

    JAAS ClientLoginModule + ServerLoginModule

    gonzalezcarlos
    gonzalezcarlos Sep 21, 2004 7:19 AM

      Hi All,

      I'm trying to deploy in JBoss two ways to login for my application clients.

      *The first one, using a user and a hashed password (the client is responsible for hashing the cleartext before passing the credential to JAAS).

      *The second one, using a Certificate.

      In the server part, I have two ServerLoginModules that will perform the server authentication (against a DB, in the first case, and against a Validation Authority in the second case).

      It's clear that I will have to use the ClientLoginModule provided to bind the credentials (and handle the interaction with the user), but I can't see how, because the only credential types allowed for binding are an user and a password (and the ClientLoginModule complains with any other Callbacks different from NameCallback and PasswordCallback).

      I was reviewing the code of the ClientLoginModule and I see that there are some classes (SecurityAssociationActions and so on...) that bind the credentials to the implementation of the EJB remoting protocol.

      Is there any way for me to proceed??. I can't implement any other ClientLoginModule that binds any other types of credentials, because the access to the SecurityAssociationActions and so on are package protected.

      Any hints or ideas would be greatly appreciated.

      Thank you very much in advance

      Carlos

      • 2886 Views
      • Tags:
        • 1. Re: JAAS ClientLoginModule + ServerLoginModule
          starksm64
          starksm64 Sep 24, 2004 1:14 PM (in response to gonzalezcarlos)

          You use the password-stacking="useFirstPass" option to the ClientLoginModule and place another login module ahead of it that validates the credentials as this srp example config shows:

          srp-client {
 // Example client auth.conf for using the SRPLoginModule
 org.jboss.security.srp.jaas.SRPLoginModule required
 password-stacking="useFirstPass"
 srpServerJndiName="SRPServerInterface"
 debug=true
 ;

 org.jboss.security.ClientLoginModule required
 password-stacking="useFirstPass"
 ;

 // Put your login modules that need jBoss here
};


          I probably should add a login module option to specify a non-password based Callback object to use to simplify the propagation of non-password based info.


            • Actions