-
1. Re: JAAS in servlet calling EJBs
starksm64 May 18, 2005 10:31 AM (in response to tcherel)What is wrong with chap8 in the admin devel guide which describes this?
-
2. Re: JAAS in servlet calling EJBs
tcherel May 18, 2005 10:55 AM (in response to tcherel)
The one I have is the 3.2.X version.
It explains very well how this is done from an EJB container and EJB client point of view, but it is not very explicit on how this is working when integrated with a Servlet container like tomcat.
Is there a more recent version with more details on this subject?
Thomas -
3. Re: JAAS in servlet calling EJBs
starksm64 May 18, 2005 11:20 AM (in response to tcherel)From a high level it is just the same as the ejb container, there is an interceptor (tomcat valve) which propagates the current security context to the request. Specifically, org.jboss.web.tomcat.security.SecurityAssociationValve.
-
4. Re: JAAS in servlet calling EJBs
tcherel May 18, 2005 11:26 AM (in response to tcherel)
I see (I was actually currently digging into that - see related post I sent earlier).
I am also assuming that this valve is also populating the credential cache or something like that.
What I mean is once the web container has authenticated the user, even though my EJB are also configured with a security domain, a second authentication is not performed for the EJB.
Just setting the security assocations is not enough for the EJB authentication to not take place, isn't it? The credential cache must be populated or something must tell the EJB container to not go through the JAAS authentication again. Correct?
Thomas -
5. Re: JAAS in servlet calling EJBs
starksm64 May 18, 2005 11:38 AM (in response to tcherel)A single security domain has a single cache. There may be other higher level caches, but the same Subject with the custom principal added by the original authentication is there.
-
6. Re: JAAS in servlet calling EJBs
tcherel May 18, 2005 11:56 AM (in response to tcherel)Got it.
I know understand better how the identity is propagated between the tomcat web container and JBoss.
Thanks for the help.
Thomas