3 Replies Latest reply on Oct 19, 2007 3:49 PM by anil.saldhana

identity propagation between different instances

realmdynamics Oct 4, 2007 8:09 PM

Hi,
I am new to JBoss and I have a question about identity propagation between the web and ejb tier.

In particular, we have 2 instances of JBoss (4.0.5) running on two separate computers. We are only using the first instance for web tier operations and the second instance for ejb tier operations. In the web tier, we are using FORM based authentication. With this setup, can JBoss propagate the identity from the web tier to the ejb tier? If so, how do I configure that? pointer to more info is appreciated.

thx
Robert

1. Re: identity propagation between different instances

anil.saldhana Oct 10, 2007 11:25 AM (in response to realmdynamics)

No need for any specific configuration. From your web tier (Servlets), use InitialContext to look up your beans. The security propagation happens automatically.
Actions
2. Re: identity propagation between different instances

realmdynamics Oct 10, 2007 2:50 PM (in response to realmdynamics)

Hi anil.saldhana
since the ejb tier is on a different box than the web tier, I thought that conceptually, I would need to configure the ejb tier to trust the security info coming in from a specific web tier box (otherwise, it may be possible to fake the principal and get in without authentication.)

anyways, I tested this configuration using form base authentication at the web tier level and then invoking an ejb on a different box. I invoked a method that doesn't require any authorization and that works fine (initial context plumbing working). When I tried a method requiring authorization, got an exception saying that there is insufficient permission and that the principal=null. Am I missing something?

thx
Robert
Actions
3. Re: identity propagation between different instances

anil.saldhana Oct 19, 2007 3:49 PM (in response to realmdynamics)

http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ
Actions

Go to original post