-
1. Re: JBoss Wrapper for Subject.DoAs
starksm64 Oct 7, 2004 9:35 PM (in response to subri.shastry)Subject.doAs(...) means nothing special to jboss. Just doing the JAAS login with the org.jboss.security.ClientLoginModule enables the association of the authenticated Subject with the caller context. Read the JAAS howto in the user forum to get an overview of how security works in jboss. This post has been moved to that forum.
-
2. Re: JBoss Wrapper for Subject.DoAs
subri.shastry Oct 8, 2004 11:04 AM (in response to subri.shastry)Thanks Scott, I 2 questions
1. I am a web client, I have 2 servlets.
a. LoginServlet where I invoke the loginContext.login using the ClientLoginModule. This automagically creates a Subject and I need not do any doAs or RunAs and I can access any EJB.
b. I have viewOtherScreens Servlet which handles request from client for other screens.
Obviously I do not want to call login() again but want to access the EJB. I may use a pool of threads and hence the login thread may be t1 and now I am in t2 when I went to viewOtherScreens.
Now question: How does JBoss get my Subject that was authenticated? -
3. Re: JBoss Wrapper for Subject.DoAs
starksm64 Oct 8, 2004 11:28 AM (in response to subri.shastry)If the web page is secured then the identity will automatically be used for accessing ejbs. Otherwise, you have to establish the identity via a JAAS login.
-
4. Re: JBoss Wrapper for Subject.DoAs
subri.shastry Oct 8, 2004 11:59 AM (in response to subri.shastry)>>Otherwise, you have to establish the identity via a JAAS login
Unfortunately we are not using secured access but http. I am not clear what will it take to establish the identity via a JAAS login and propogate that to the JBoss server. Does this mean call login() in each Servlet?