-
1. Re: Authentication Problem
adrian.brock Apr 24, 2003 1:11 PM (in response to pitdingo)You need to do a login a JAAS login
e.g.
public void onMessage(Message message)
{
...
LoginContext context = new LoginContext("client-login", handler);
context.login();
try
{
// Do work
}
finally
{
context.logout();
}
...
}
The handler is just a jaas callback handler
e.g. you could use
org.jboss.security.auth.callback.UsernamePasswordCallbackHandler;
UsernamePasswordCallbackHander h = new UsernamePasswordCallbackHander(user, password.toCharArray())
You could easily make this an interceptor and add
it to your MDB.
NOTE: This does no authentication. It just
attaches the user and password to the thread.
Any secured EJBs will authenticate and authorise
the user/password.
Regards,
Adrian -
2. Re: Authentication Problem
pitdingo Apr 25, 2003 12:50 PM (in response to pitdingo)thanks for the reply. I tried that under JBoss 2.4.4 and it does not work. I see our LoginModule get invoked, but a call to getCallerPrincipal in the EJB returns 'nobody'
We cant use a newer JBoss because of how slowly they compile JSPs on the fly. -
3. Re: Authentication Problem
adrian.brock Apr 25, 2003 12:59 PM (in response to pitdingo)AFAIK "client-login" wasn't configured on 2.4.4
You can do the same thing as the JAAS login
by using the SecurityAssociation class directly
(this should help you to debug the JAAS config)
Login:
SecurityAssociation.setPrincipal(new SimplePrincipal(user));
SecurityAssociation.setCredential(password);
Logout:
SecurityAssociation.clear();
WEB-STUFF: I'm no expert but...
Checkout 3.2, it has Jasper2 which is supposed
to be a lot faster.
Have you tried unpacked war deployments?
With this method you only have to recompile
the changed jsps as you change them not the
whole application.
Regards,
Adrian -
4. Re: Authentication Problem
pitdingo Apr 28, 2003 11:45 AM (in response to pitdingo)'client-login' is in 2.4.4 and it appears to work. I was using my custom LoginModule name before.
What is the difference though? Do subsequent calls use my custom LoginModule to authenticate that user name and password assigned to the Thread by client-login? -
5. Re: Authentication Problem
adrian.brock Apr 29, 2003 7:11 AM (in response to pitdingo)If your custom login module is on the called ejbs
then yes it will check the principal/credential
assigned to the thread by the "client-login".
Regards,
Adrian -
6. Re: Authentication Problem
pitdingo Apr 30, 2003 12:10 PM (in response to pitdingo)thanks for your replies Adrian.
what is special about 'client-login'? Shouldn't a call to what i have configured in 'my-login' work the same way?
Well, now i am going to have to get this to work in Weblogic which is going to take some time due to all their 'value-add' garbage.
thanks again. -
7. Re: Authentication Problem
adrian.brock May 1, 2003 9:18 AM (in response to pitdingo)The user and credential in the jndi context
is only used during the lookup.
Regards,
Adrian