4 Replies Latest reply on Feb 9, 2005 1:24 AM by mklaver

    Security Propagation between JVM's

    mklaver

      I have the following question:
      How can I propagate the security credentials between 2 JVM's?

      We have a frontend web application running on Tomcat 5. We use form-based authentication to authenticate the user. This application uses EJBs on the backend server running on a different machine (JBoss 3.2). I want to put declarative security on these EJBs. How can I propagate the Principal to the JBoss instance? I can't use the ClientLoginModule since I don't have the password, because I use form-based authentication.

      Any help would be appreciated.

      Mario

        • 1. Re: Security Propagation between JVM's
          vdweij

          Check out this thread http://www.jboss.org/index.html?module=bb&op=viewtopic&t=55287. It shows a workaround that uses a Filter to catch the password passed in the HTML Form.

          • 2. Re: Security Propagation between JVM's
            mklaver

            Thanks, but I prefer a solution without any "hacking". I managed to pass the credentials using a JAAS Realm in Tomcat. I configured the JAAS Realm in server.xml as follows:



            Then I configured the ClientLogin context as follows:
            ClientLogin {
            com.tagish.auth.FileLogin required debug=true pwdFile="C:/java_tools/Server/Tomcat5.0/conf/passwd";
            org.jboss.security.ClientLoginModule required;
            };

            This all works fine in a simple HelloWorld application which calls a secured session bean, but when I try the same using the JSF framework I get the Exception: Authentication exception, principal=null when I do a call to the EJB.

            Any suggestions?

            Regards,
            Mario

            • 3. Re: Security Propagation between JVM's
              mklaver

              (sorry for the repost, but part of the message was invisible)

              Thanks, but I prefer a solution without any "hacking". I managed to pass the credentials using a JAAS Realm in Tomcat. I configured the JAAS Realm in server.xml as follows:

              <Realm className="org.apache.catalina.realm.JAASRealm"
                     appName="ClientLogin"
                     userClassNames="com.tagish.auth.TypedPrincipal"
                     roleClassNames="com.tagish.auth.TypedPrincipal"
                     debug="99"/>

              Then I configured the ClientLogin context as follows:
              ClientLogin {
              com.tagish.auth.FileLogin required debug=true pwdFile="C:/java_tools/Server/Tomcat5.0/conf/passwd";
              org.jboss.security.ClientLoginModule required;
              };

              This all works fine in a simple HelloWorld application which calls a secured session bean, but when I try the same using the JSF framework I get the Exception: Authentication exception, principal=null when I do a call to the EJB.

              Any suggestions?

              Regards,
              Mario

              • 4. Re: Security Propagation between JVM's
                mklaver

                After hours and hours of evaluating the differences between the two applications I found the difference that caused the problem. To use the ClientLoginModule of JBoss in Tomcat you need to add the jbossall-client.jar to your classpath. I did that, but I also had this library in WEB-INF/lib of my webapp, and for some reason this caused the credentials not to be passed during my call to the secured EJB. Removing the jbossall-client.jar from the WEB-INF/lib directory did the trick.
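
A check for the situation described in the last reply, as an added example that is not part of the original thread: it reports every webapp whose WEB-INF/lib bundles a jar containing a class that a container-level directory also provides. The function names, the `shared/lib` and `webapps` layout and the sample jars are constructed for illustration; only the class name and `jbossall-client.jar` come from the thread.

```python
import tempfile
import zipfile
from pathlib import Path

TARGET_CLASS = "org.jboss.security.ClientLoginModule"  # class named in the thread


def jars_providing(class_name, lib_dir):
    """Names of the jars in lib_dir that contain class_name."""
    entry = class_name.replace(".", "/") + ".class"
    jars = sorted(Path(lib_dir).glob("*.jar")) if Path(lib_dir).is_dir() else []
    found = []
    for jar in jars:
        try:
            with zipfile.ZipFile(jar) as zf:
                if entry in zf.namelist():
                    found.append(jar.name)
        except zipfile.BadZipFile:
            continue  # unreadable archive: skip it, keep scanning
    return found


def find_shadowed(class_name, container_dirs, webapps_dir):
    """Map webapp -> (container jars, WEB-INF/lib jars) where both hold the class."""
    shared = [j for d in container_dirs for j in jars_providing(class_name, d)]
    report = {}
    for app in sorted(Path(webapps_dir).iterdir()):
        local = jars_providing(class_name, app / "WEB-INF" / "lib")
        if shared and local:
            report[app.name] = (shared, local)
    return report


def build_sample_tree(root):
    """Constructed layout: a shared jar, one webapp bundling a copy, one clean webapp."""
    entry = TARGET_CLASS.replace(".", "/") + ".class"
    layout = {"shared/lib/jbossall-client.jar": entry,
              "webapps/jsfapp/WEB-INF/lib/jbossall-client.jar": entry,
              "webapps/hello/WEB-INF/lib/other.jar": "com/example/Other.class"}
    for rel, member in layout.items():
        Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(Path(root, rel), "w") as zf:
            zf.writestr(member, b"")
    return [Path(root, "shared/lib")], Path(root, "webapps")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_shadowed(TARGET_CLASS, *build_sample_tree(tmp)))
```

Matching on the class entry rather than the jar file name also catches a renamed or repackaged copy of the client library.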