3 Replies Latest reply on Jul 12, 2008 1:56 PM by sebastiendeg

EJB3 Remote Security propagation

sebastiendeg Jul 9, 2008 10:14 AM

Hi,

I'm trying to setup security for my EJB3 applications.
I have a first JBoss Server with EJB3 calling remote EJB3 on another server.

How does it work for Security ? Is there a way of propagating the principal from one server to the others like we do for Transaction ?

I'm trying to find out what are the options for that.

Tks.

1. Re: EJB3 Remote Security propagation

sebastiendeg Jul 11, 2008 5:32 AM (in response to sebastiendeg)

I've been reading JBoss (4.2.2) config guide and obviously we can use either JNDI params to send the authentication or we can use ClientLoginModule.

Is there a way of defining a "Global" security "domain" which would manages the propagation of the subject across JBoss Server ?

That would be nice in our case because JBoss clients keep remote stateless proxies to avoid lookup delay everytime they call remote EJB.

Hope someone could give me some infos.

Cheers,
Sebastien
Actions
2. Re: EJB3 Remote Security propagation

ragavgomatam Jul 12, 2008 12:12 PM (in response to sebastiendeg)

If there are 2 seperate jboss instances, i believe that you use jndi params to send authentication. But for a Global Security domain, I am not sure. I believe, you should have a federated Naming Context which spreads across clustered installations. I don't know if jboss supports distributed naming contexts
Actions
3. Re: EJB3 Remote Security propagation

sebastiendeg Jul 12, 2008 1:56 PM (in response to sebastiendeg)

Thank you very much.

The goal was not to re-login when we access those remote service.
But, I don't think there is an easy solution for that.

For info, since the remote layer is completely private and not accessible outside our private network, I don't see any problem by not using security restriction.

Of course, for public services, (Web, WS, and so on) we are going to use a strong security model.

Thanks.
Actions

Go to original post