6 Replies Latest reply on Oct 10, 2006 11:57 PM by sappenin

    Principals from and Message Bean

    mkprim
    mkprim Nov 27, 2003 4:00 PM

      Hello, I'm using JBoss 3.2.2 over linux.
      I wanted to know if there is any way to authenticate a user on a Message Driven Bean, getting the user's subject, role or anything that might help for calling a secured Session Bean from the MDB.
      Actually, I can login users through the DatabaseServerLoginModule, but they always appear in the "guest" role. Can this be changed

      • 7763 Views
      • Tags:
        • 1. Re: Principals from and Message Bean
          adrian.brock Nov 29, 2003 5:33 AM (in response to mkprim)

          You must perform a JAAS login using the
          "Client-Login" policy

          Regards,
          Adrian

            • Actions
          • 2. Re: Principals from and Message Bean
            mkprim
            mkprim Dec 2, 2003 10:18 AM (in response to mkprim)

            I'm doing so, but i cannot get authenticated.
            My client has a Client-Login module.
            My server has a DatabaseServerLoginModule.
            But whenever I try to access a SLSB from the onMessage, the server shows a "guest" role, even if I logged with another username-role
            Thanks,
            Marcelo

              • Actions
            • 3. Re: Principals from and Message Bean
              adrian.brock Dec 4, 2003 7:52 AM (in response to mkprim)

              ? Login on a client will have no affect on the mdb.
              You need to login inside the mdb

              Regards,
              Adrian

                • Actions
              • 4. Re: Principals from and Message Bean
                ftg314159
                ftg314159 Dec 5, 2004 1:36 PM (in response to mkprim)

                I'd like to ask some follow-up questions on this topic.

                I have the same problem as the poster - wanting to set the MDB caller Principal dynamically, in my case using a Subject with PrivateCredential passed in the message.

                It occurred to me to do a JAAS login from the MDB, but it wasn't clear to me whether doing that would remove MDB restrictions from session bean code called from the MDB.

                For example, it is illegal for an MDB to call getCallerPrincipal(). Does this change if the MDB does a JAAS login ? Will session bean methods called by the MDB after the JAAS login be able to call getCallerPrincipal() ?

                Also, can the now-authenticated MDB use session beans described in its <ejb-local-ref> elements under the new Principal, or have these been pre-wired to the \<runAs\> Principal ?

                  • Actions
                • 5. Re: Principals from and Message Bean
                  starksm64
                  starksm64 Dec 6, 2004 1:00 PM (in response to mkprim)

                  No, an mdb can never call getCallerPrincipal. Doing a jaas login is equivalent to a dynamic run-as assignment.

                    • Actions
                  • 6. Re: Principals from and Message Bean
                    sappenin
                    sappenin Oct 10, 2006 11:57 PM (in response to mkprim)

                    Is this still true in the context of EJB3 and the RunAs annotation?

                    Scott Stark: "No, an mdb can never call getCallerPrincipal. Doing a jaas login is equivalent to a dynamic run-as assignment."


                    Thanks!

                    David

                      • Actions