1 Reply Latest reply on Jun 29, 2006 12:11 PM by ostap.cherkashin

secure jndi lookup

kgrjb Jun 23, 2006 3:15 AM

im using jboss-4.0.3SP1.

How to configure a secure jndi lookup?
this is not explained in SecureJBoss trail.

that is how to specify a username - password in InitialContetxt properties
and JBoss returns the lookup jndi resource[eg. ejb] with the given security credentials.
If we dont do this, anyone can just hack jndi lookup? Or is there a different alternative to secure jndi lookup?

Properties p = new Properties();
...
...
properties.put(Context.SECURITY_PRINCIPAL, username);
properties.put(Context.SECURITY_PRINCIPAL, password);

InitialContext ctx = new InitialContext(properties);

ctx.lookup(something);

1. Re: secure jndi lookup

ostap.cherkashin Jun 29, 2006 12:11 PM (in response to kgrjb)

Please refer to http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch3.chapter.html. There is an org.jboss.security.jndi.LoginInitialContextFactory, and you could also try to use HTTPS to access the initial context.
Actions