2 Replies Latest reply on Aug 11, 2006 1:40 PM by fosodguez

    Problems with my security proxy

    fosodguez
    fosodguez Aug 10, 2006 11:12 PM

      Hi to everybody, I'm practically newbie in JBoss and EJB deployment so I hope this doesn't sound stupid...

      The client perform a JAAS login to establish the principal and credentials for authentication in the server. The LoginModule used in client is ClientLoginModule. After a sucessful "login" it obtains teh home interface of a stateless session bean and calls to create method.

      In the server it is a security proxy configured to protect this bean so when create method is called, first setEJB methos of the proxy is called and then invokeHome. My problem is that I want to retrieve the principal and the password obtained in the client through the context but this seem to be null.
      How can i get the values of the principal and credential?

      Thanks for all.

      • 2829 Views
      • Tags:
        • 1. Re: Problems with my security proxy
          j2ee_junkie
          j2ee_junkie Aug 11, 2006 10:23 AM (in response to fosodguez)

          fosodquez,

          The ClientLoginModule does not have any authentication logic, so if that is your only login module, then you are not authenticating.

          cgriffith

            • Actions
          • 2. Re: Problems with my security proxy
            fosodguez
            fosodguez Aug 11, 2006 1:40 PM (in response to fosodguez)

            hi j2ee_junkie,

            I know ClientLofinModules hasn't any authenticacton logic, I'm following what it's said in this document, point 8.4.1:

            http://docs.jboss.org/jbossas/jboss4guide/r2/html/ch8.chapter.html

            Login client side has done sucessfully and after doing lc.login() () if I put this line lc.getSubject().getPrincipals() I get as principal the name I have filled in the username field.
            In the second step it is said that if i obtain the EJB home interface and create a bean, this results in a home interface method invocation being sent to the JBoss server. The invocation includes the method arguments passed by the client along with the user identity and credentials from the client-side JAAS login performed in step 1.
            To invoke create method calls first setEJBContext (EJBContext ctx) but ctx is null and then invokeHome method. If i want to do an authentication in the server side I need to know the principal and the credential obtained in first step. How can i get the principal obtained in the first step in security proxy without sending them as parameters when i invoke create method if ctx is null in sec proxy?

            Thanks

              • Actions