5 Replies Latest reply on Jul 20, 2009 7:45 PM by mgibson77

    From Servlet Standalone Tomcat to EJB on JBoss

    gfemajor

      Hi, I have a problem with security on standalone Tomcat and JBoss.

      But first, what I try to do:

      I have a Google Web Toolkit (GWT) application. The server component of this GWT app is a servlet. This GWT app is running on a standalone Tomcat.
      From this servlet, I try to access a stateless session bean running on a remote JBoss server.

      Without any security solutions, it's running fine.

      Now I try to add some security to this system.
      So the GWT app is authenticating against the Tomcat server with form-based authentication against a database.

      The JBoss server is also authenticating against the same database (because on Tomcat and JBoss there should be the same users and roles).

      My problem is that Tomcat does not populate the username and password from the logged-in principal to JBoss, so when calling my EJB, I have to do it this way (otherwise I get an authentication failed error):

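      import java.util.Properties;
      import javax.naming.Context;
      import javax.naming.InitialContext;
      import javax.naming.NamingException;

      // Pass a fixed principal and password to JBoss through the JNDI environment
      Properties env = new Properties();
      env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
      env.setProperty(Context.SECURITY_PRINCIPAL, "TestUser");
      env.setProperty(Context.SECURITY_CREDENTIALS, "password");

      InitialContext ctx;
      try {
          ctx = new InitialContext(env);
          // connector (type MyBean) is assumed to be declared elsewhere in the servlet
          connector = (MyBean) ctx.lookup("java:comp/env/ejb/MyBean");
      } catch (NamingException e) {
          // do something
      }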
      


      Does somebody have a solution for this problem?

        • 1. Re: From Servlet Standalone Tomcat to EJB on JBoss
          wolfgangknauf

          Hi,

          this is some kind of FAQ ;-): JndiLoginInitialContextFactory does not work in JBoss 5 (actually, it is some kind of dirty workaround), you will have to perform a JAAS login.
          See this forum thread for more details: http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4198157

          Best regards

          Wolfgang
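A JAAS client login of the kind this reply refers to, as an added example that is not part of the thread or of JBoss's own code. It assumes the JBoss client jars and a jndi.properties pointing at the JBoss server are on the classpath; the class name JaasEjbClient, the helper callAs and the command-line arguments are hypothetical. The login still needs the user's password.

```java
import java.util.HashMap;
import java.util.concurrent.Callable;
import javax.naming.InitialContext;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
public class JaasEjbClient {
    // Hands the caller's name and password to the login module on request.
    static CallbackHandler handler(final String user, final char[] password) {
        return new CallbackHandler() {
            public void handle(Callback[] cbs) throws UnsupportedCallbackException {
                for (Callback cb : cbs) {
                    if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                    else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                    else throw new UnsupportedCallbackException(cb);
                }
            }
        };
    }
    // In-code equivalent of a "client-login" entry in a JAAS auth.conf file.
    static Configuration clientLogin() {
        final HashMap<String, String> opts = new HashMap<String, String>();
        opts.put("multi-threaded", "true");         // per-thread identity, not one VM-wide identity
        opts.put("restore-login-identity", "true"); // logout() puts back the identity seen at login()
        return new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        "org.jboss.security.ClientLoginModule",
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
            }
            public void refresh() { }
        };
    }
    // Runs work (lookup plus bean calls) with the identity attached, then removes it again.
    static <T> T callAs(String user, char[] password, Callable<T> work) throws Exception {
        LoginContext lc = new LoginContext("client-login", null, handler(user, password), clientLogin());
        lc.login(); // ClientLoginModule only stores the identity; JBoss verifies it on each EJB call
        try {
            return work.call();
        } finally {
            lc.logout();
        }
    }
    public static void main(final String[] args) throws Exception { // args: user, JNDI name of the bean
        char[] pw = System.console().readPassword("Password for %s: ", args[0]); // needs a terminal
        System.out.println(callAs(args[0], pw, new Callable<Object>() {
            public Object call() throws Exception { return new InitialContext().lookup(args[1]); }
        })); // real code would also invoke the bean's methods inside call()
    }
}
```

In a servlet container the multi-threaded option matters: with its default of false, the stored identity is shared by every thread in the VM, so one request's login would apply to other users' EJB calls.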

          • 2. Re: From Servlet Standalone Tomcat to EJB on JBoss
            wolfgangknauf

            I updated the FAQ, question 10 (hopefully, what I wrote is correct ;-) )

            • 3. Re: From Servlet Standalone Tomcat to EJB on JBoss
              gfemajor

              OK, I feel sorry that I did not mention my configuration.

              I use (standalone) Tomcat 6.0.20 and JBoss 4.3.

              I read the FAQ:

              "FAQ" wrote:

              Q10: Why isn't my authentication info picked up from the JNDI InitialContext

              A10: Because there is no reason for it. You have to use an InitialContextFactory implementation that supports this. See the Available InitialContext Factories section, and LoginInitialContextFactory or JndiLoginInitialContextFactory in particular.


              Because I am using JBoss 4.3, the "org.jboss.security.jndi.JndiLoginInitialContextFactory" should work, but this is not my problem. When I use the code from my post #1, I can log in and use my EJB.
              The problem is that I'm trying to authenticate against the standalone Tomcat (servlet) and later, I try to call an EJB from that servlet, but Tomcat does not populate the logged-in user to JBoss, so I have to log in a second time to JBoss, with the code from post #1.
              I try to avoid the second login to JBoss, so that Tomcat automatically logs in to JBoss with the principal logged in on Tomcat, and the question was if this is possible (and how :-)).



              "Wolfgang Knauf" wrote:

              See this forum thread for more details: http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4198157


              Sorry, but this thread does not help me, because the principal and password must always be known, but I only get the principal's name from the Tomcat session.

              (@Wolfgang Knauf: if you do not understand my problem (or I don't understand your solution ;-)), maybe you can send me an email to gfemajor2 [at] gmx.de and we could talk in German :-))

              • 4. Re: From Servlet Standalone Tomcat to EJB on JBoss
                wolfgangknauf

                Hi,

                I'm sorry, I did not see that you use an external Tomcat to access JBoss. No chance to deploy your GWT app to JBoss?

                You might try to take a look at SSO (Single Sign On). As far as I know, this works at least for different apps running in the same JBoss, but probably it is also possible to configure it between servers. I don't know it myself, so I cannot help you further.

                Anyway, the "JndiLoginInitialContextFactory" workaround will not work in JBoss 5.0 ;-)

                Best regards

                Wolfgang

                • 5. Re: From Servlet Standalone Tomcat to EJB on JBoss

                  Hey GFEMajor,

                  I think you might have an answer to what I'm looking for.
                  I can't get JAAS form-based authentication to work properly and I've seen you have it working... any pointers?

                  My post is here:
                  http://www.jboss.org/index.html?module=bb&op=viewtopic&t=158664