About Securing JSR77 - J2EE Management

diripu Nov 17, 2004 12:02 AM

My Remote client application is using JSR77 - J2EE Management way for monitoing JBoss. So it is using the stateless bean ejb-management.jar and using the JNDI lookpup "ejb/mgmt/MEJB".
Is there anyway this application(stateless bean) can be secured by username and password . Do i need to consider for security??

1. Re: About Securing JSR77 - J2EE Management

starksm64 Nov 19, 2004 11:54 AM (in response to diripu)

Its secured like any other ejb. Edit the ejb-management.jar ejb-jar.xml descriptor to secure the ejb and specify the security domain via a jboss.xml descriptor as described in the JAAS Howto:
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=46370
Actions
2. Re: About Securing JSR77 - J2EE Management

diripu Nov 22, 2004 12:36 AM (in response to diripu)

Thanks,
So if my remote client has the following lines ,
is it sufficient to handle the security ?Or do i need to
consider some other aspects also.

Properties props = new Properties();
props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
props.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
props.put(Context.PROVIDER_URL, str[1]); // URL
props.put(Context.SECURITY_PRINCIPAL, str[2]); //Username
props.put(Context.SECURITY_CREDENTIALS, str[3]); //Password
InitialContext context = new InitialContext(props);
Object obj = context.lookup( "ejb/mgmt/MEJB" );
ManagementHome home = (ManagementHome) PortableRemoteObject.narrow(obj,ManagementHome.class);
server = home.create();
Actions

Go to original post