1 Reply Latest reply on Oct 24, 2008 11:32 AM by lb24

    ClientLoginModule & ServerInvokerServlet

    lb24
    lb24 Oct 23, 2008 11:17 AM

      I have a set-up where an external Client (swing based) is using the ClientLoginModule to pass it's user credentials to an EJB3 Stateless service for execution. The service is annotated (@SecurityDomain) and the method calls are annotated with @RolesAllowed. The security Domain is configured in the JBoss 4.2.2 login-config.xml.

      All is working fine when using a socket connection (clientBindUrl = "socket://0.0.0.0:3873") , However, the client also needs to be able to communicate over HTTP (clientBindUrl = "http://localhost:8080/invoker/ServerInvokerServlet"). When using the HTTP jndi bound service the Principal/Subject are null on the receiving the HTTP call within the RoleBasedAuthorizationInterceptor.

      I've configured the jboss-web.xml within the invoker.war\WEB-INF, but I believe this will only work with BASIC or FORM auth. I already have authentication (albiet, dummy) on the Fat Client (swing) using the ClientLoginModule - how do I config the ServerInvokerServlet to use these credentials as with the socket connection (RMI).

      I've seen plenty of examples of how to secure WebApps + examples of how to use the ClientLoginModule. But can't find any good documentation on how to use the ClientLoginModule when calling EJB3 over HTTP (or HTTPS).

      Any help/pointers would be much appreciated.

      Thanks
      LB.

      • 1919 Views
      • Tags:
        • 1. Re: ClientLoginModule & ServerInvokerServlet
          lb24
          lb24 Oct 24, 2008 11:32 AM (in response to lb24)

          Ok, the lack of response forced me to investigate the issue myself - something I was hoping to avoid.

          Turns out I had a few teething config errors. All is now working as expected.

          Thanks to everyone that didn't respond, forcing me to stop being lazy!

            • Actions