-
1. Re: Security Propagation between JVM's
vdweij Jan 31, 2005 2:54 PM (in response to mklaver)Check out this thread http://www.jboss.org/index.html?module=bb&op=viewtopic&t=55287. It shows a workaround that uses a Filter to catch the password passed in the HTML Form.
-
2. Re: Security Propagation between JVM's
mklaver Feb 1, 2005 4:48 AM (in response to mklaver)Thanx but I prefer a solution without any "hacking". I managed to pass the credentials using a JAAS Realm in Tomcat. I configured the JAAS Realm in server.xml as follows:
Then I configured the ClientLogin context as follows:
ClientLogin {
com.tagish.auth.FileLogin required debug=true pwdFile="C:/java_tools/Server/Tomcat5.0/conf/passwd";
org.jboss.security.ClientLoginModule required;
};
This all works fine in a simple HelloWorld application which calls a secured session bean, but when I try the same using the JSF framework I get the Exception: Authentication exception, principal=null when I do a call to the EJB.
Any suggestions?
Regards,
Mario -
3. Re: Security Propagation between JVM's
mklaver Feb 1, 2005 4:51 AM (in response to mklaver)(sorry for the repost, but part of the message was invisible)
Thanx but I prefer a solution without any "hacking". I managed to pass the credentials using a JAAS Realm in Tomcat. I configured the JAAS Realm in server.xml as follows:
lt Realm className="org.apache.catalina.realm.JAASRealm"
appName="ClientLogin"
userClassNames="com.tagish.auth.TypedPrincipal"
roleClassNames="com.tagish.auth.TypedPrincipal"
debug="99"/ gt
Then I configured the ClientLogin context as follows:
ClientLogin {
com.tagish.auth.FileLogin required debug=true pwdFile="C:/java_tools/Server/Tomcat5.0/conf/passwd";
org.jboss.security.ClientLoginModule required;
};
This all works fine in a simple HelloWorld application which calls a secured session bean, but when I try the same using the JSF framework I get the Exception: Authentication exception, principal=null when I do a call to the EJB.
Any suggestions?
Regards,
Mario -
4. Re: Security Propagation between JVM's
mklaver Feb 9, 2005 1:24 AM (in response to mklaver)After hours and hours of evaluating the differences between the two applications I found the difference that caused the problem. To use the ClientLoginModule of JBoss in Tomcat you need to add the jbossall-client.jar in your classpath. I did that, but I also had this library in WEB-INF/lib of my webapp and for some reason this caused that the credentials where not passed during my call to the secured EJB. Removing the jbossall-client.jar from the WEB-INF/lib directory did the trick.