2 Replies Latest reply on Mar 16, 2006 10:44 PM by j2ee_junkie

    Need to access secured EJB in LoginModule

    j2ee_junkie
    j2ee_junkie Mar 15, 2006 1:23 PM

      Dear JBossers,

      I thougth I solved a problem with my particular use case, but it has reared its ugly head again. Maybee there is someone out there who can advise.

      I need to access a secured EJB from my custom LoginModule. But just to make things a bit more tricky, I need to access the EJB during the login(), commit(), and logout() methods.

      The org.jboss.security.auth.spi.RunAsLoginModule is only designed to push run-as identity during login. I was able to use trickery and sandwich my LM between two RunAsLoginModules to get access during the commit() method. But I still have not figured out how to do this during logout().

      From what I can tell, my only option is...


      1: code my LoginModule to use org.jboss.security.jndi.JndiLoginInitialContextFactory to get EJB interface.

      2: create a sparate application-policy in login-config.xml only for this one purpose that just returns a Subject with role needed by EJB


      Anyway, just looking for other options. Anyone... Anyone... Bueller?

      thanks all, cgriffith

      • 5380 Views
      • Tags:
        • 1. Re: Need to access secured EJB in LoginModule
          starksm64
          starksm64 Mar 16, 2006 6:25 PM (in response to j2ee_junkie)

          There is no way to call an ejb secured by the same security domain as the login module short of writing a new SecurityInterceptor that looks to a run-as role or other token before deciding to do authentication. It does not make sense for this relationship to exist in my view as there is no differentiation between callers of an ejb. A login module has no special role to do so unless a seperate security domain or interceptor is used to provide this.

            • Actions
          • 2. Re: Need to access secured EJB in LoginModule
            j2ee_junkie
            j2ee_junkie Mar 16, 2006 10:44 PM (in response to j2ee_junkie)

            Yeah I agree, after much consideration. I just thought it would be cool to have a LoginModule that asked an EJB to do the login. However, I have changed my LM design to access DB directly.

            later, cgriffith

              • Actions