4 Replies Latest reply on Jan 18, 2005 9:28 PM by starksm64

    Specify SECURITY_PRINCIPAL and SECURITY_CREDENTIALS ?

    760613
    760613 Jan 17, 2005 8:19 AM

      Hi,

      Sorry if you find this question have been already answered in other documents/posts but I really still cant find a good answer!

      I want to use SECURITY_PRINCIPAL and SECURITY_CREDENTIALS from my clients when establish a context.

      Properties env = new Properties();
env.put(Context.INITIAL_CONTEXT_FACTORY, MY_CTX);
env.put(Context.PROVIDER_URL, MY_URL);
//...
env.put(Context.SECURITY_PRINCIPAL, MY_PRINC);
env.put(Context.SECURITY_CREDENTIALS, MY_CRED);
//...
return new InitialContext(env);


      I cant figure out how to solve it without using advanced modules or JBoss specific solution. I really want to keep my code independent and my EAR as portable as possible.

      Thats why all MY_XXXXX constants are given in a properties.

      Thank you!

      • 4923 Views
      • Tags:
        • 1. Re: Specify SECURITY_PRINCIPAL and SECURITY_CREDENTIALS ?
          tcherel
          tcherel Jan 17, 2005 10:04 AM (in response to 760613)

          As far as I understand, authetnication through the JNDI context is not supported by JBoss.
          So, if you want to do it anyway, you will need to develop your own JBoss specific code to support it (or wait that JBoss supports it).

          The other "standard" authentication mechanism is to use JAAS. I do believe that, at least, WebLogic, WebSphere and JBoss support this mechanism.
          But the JAAS API is the only part that is standardized. Configuring JAAS for the application server is app server specific. According to which "directory" you want to authenticate with, the configuration can be only a few lines in a config file or a complete JAAS login module with extra "glue" to plug it in the app server.

          Thomas

            • Actions
          • 2. Re: Specify SECURITY_PRINCIPAL and SECURITY_CREDENTIALS ?
            starksm64
            starksm64 Jan 17, 2005 12:18 PM (in response to 760613)

            Read about org.jboss.security.jndi.LoginInitialContextFactory:

            http://www.jboss.org/wiki/Wiki.jsp?page=LoginInitialContextFactory

            Passing the login credentials through the JNDI InitialContext is not a standard. There is no j2ee spec that even suggests this is how a client might provide its authentication info.

              • Actions
            • 3. Re: Specify SECURITY_PRINCIPAL and SECURITY_CREDENTIALS ?
              760613
              760613 Jan 18, 2005 4:28 AM (in response to 760613)

              Thanks tcherel and Scott.

              Scott I ve read about the LoginInitialContextFactory.

              If I get it right I need to do followings:


              1. write a new application-policy (login-config.xml) based on a login-module or use the pre-defined client-login.
              2. in the DD use the <security-domain>java:/jaas/client-login</security-domain>
              3. update the env with:
               env.put( Context.SECURITY_PROTOCOL, "java:/jaas/client-login" )

              4. obtain a Context as:
              org.jboss.security.jndi.LoginInitialContextFactory.getInitialContext( env );



              Am I doing it right? I guess stage 2 is not needed if its a java-client (no web component.).

              Thanks!

                • Actions
              • 4. Re: Specify SECURITY_PRINCIPAL and SECURITY_CREDENTIALS ?
                starksm64
                starksm64 Jan 18, 2005 9:28 PM (in response to 760613)

                You don't do 4. This is done by JNDI when you use the org.jboss.security.jndi.LoginInitialContextFactory class as the Context.INITIAL_CONTEXT_FACTORY value in the env passed to InitialContextFactory.

                  • Actions