EJB3: How to access @Stateless EJBs from custom LoginModule?
baeurlem Jan 17, 2008 5:37 AMHi,
I have a JBoss 4.2.2.GA WebService application, where the WebServices should be secured.
So I wrote a custom LoginModule for JBoss 4.2.2.GA which extends the org.jboss.security.auth.spi.UsernamePasswordLoginModule. I defined an <application-policy> in the login-config.xml and I use the @SecurityDomain annotation for the secured @WebService beans
So far so good: My LoginModule is called correctly.
Inside the LoginModule I want to call a local @Stateless bean which provides methods to retrieve the user/roles via Hibernate from the database.
But how to access this bean?
I tried the @EJB annotation => no success
I tried a lookup via JNDI => no success (NameNotFoundException)
MyLoginModule:
public class MyLoginModule extends UsernamePasswordLoginModule { private MyAuthenticationService myAuthenticationService; @Override public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { super.initialize(subject, callbackHandler, sharedState, options); try { Context jndiContext = new InitialContext(); this.myAuthenticationService = (MyAuthenticationService) jndiContext.lookup("java:comp/env/ejb/MyAuthenticationServiceImpl"); // does not work (ejb not bound) // does not work: I tried all name combinations // jndiContext.lookup("java:comp.ejb3/env/ejb/MyAuthenticationServiceImpl") => does not work (ejb not bound) // jndiContext.lookup("ejb/MyAuthenticationServiceImpl") => does not work (ejb not bound) // jndiContext.lookup("MyAuthenticationServiceImpl") => does not work (MyAuthenticationServiceImpl not bound) } catch (NamingException ex) { // TODO Auto-generated catch block ex.printStackTrace(); } } @Override protected Principal createIdentity(String username) throws Exception { MyUser user = this.myAuthenticationService.retrieveUserByLoginName(username); return user; } @Override protected String getUsersPassword() throws LoginException { MyUser myUser = (MyUser) this.getIdentity(); return myUser.getPassword(); } @Override protected Group[] getRoleSets() throws LoginException { Group roles = new SimpleGroup("Roles"); // "Roles" is the expected GroupName for the roles for (Principal role : ((MyUser) this.getIdentity()).getRoles()) { roles.addMember(role); } return new Group[] { roles }; } @EJB // has no effect public void setMyAuthenticationService(MyAuthenticationService myAuthenticationService) { this.myAuthenticationService = myAuthenticationService; } }
MyAuthenticationServiceImpl:
@Stateless public class MyAuthenticationServiceImpl implements MyAuthenticationService { // ... public MyUser retrieveUserByLoginName(String loginName) throws LoginException { // here the DAO is called which uses the EntityManager } // ... }
MyAuthenticationService:
public interface JaasService { // ... public MyUser retrieveUserByLoginName(String loginName) throws LoginException; // ... }
What is wrong?