Passing JAAS Subject from an EJB to an RA
jraby Jun 3, 2003 4:29 PMI'm working on a resource adapter and have got some questions on authentication in the case where the client is an EJB which already has a JAAS subject. In this case, my expectation was that when the client calls the ConnectionFactory.getConnection() method, that the ManagedConnectionFactory.createManagedConnection() method should automatically be passed a copy of the client's subject. However, this is not the behavior that I am seeing.
The EJB client performs a LoginContext.login() successfully. I can then dump the Subject and verify that it's data make sense. The EJB then instantiates a ConnectionFactory and calls getConnection(). ManagedConnectionFactory.createManagedConnection() receives a null Subject. Why?
In my ra.xml, I specify BasicPassword authentication, because in the normal case the client will not have a Subject, and will instead pass a ConnectionSpec with username/password that the RA verifies. However, I would also like to handle the case where the client already has a Subject. In that case, I would like to use the Subject that is passed in (if I could only get it to be passed in...)
I assume that this is a configuration problem, but I'm not at all clear on how the RA needs to be configured. Here is a copy of my simple TestRA-ds.xml:
<?xml version="1.0" encoding="UTF-8"?>
<connection-factories>
<tx-connection-factory>
<jndi-name>TestJCA</jndi-name>
<xa-transaction/>
<adapter-display-name>TestJCA</adapter-display-name>
<min-pool-size>0</min-pool-size>
</tx-connection-factory>
</connection-factories>
and here is the simple ra.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE connector PUBLIC '-//Sun Microsystems, Inc.//DTD Connector 1.0//EN' 'http://java.sun.com/dtd/connector_1_0.dtd'>
<display-name>TestJCA</display-name>
Test JCA Connector
<vendor-name>FileNet Corporation</vendor-name>
<spec-version>1.0</spec-version>
<eis-type>Test</eis-type>
4.0
<managedconnectionfactory-class>filenet.daphne.jca.DaphneManagedConnectionFactory</managedconnectionfactory-class>
<connectionfactory-interface>javax.resource.cci.ConnectionFactory</connectionfactory-interface>
<connectionfactory-impl-class>filenet.daphne.jca.DaphneConnectionFactory</connectionfactory-impl-class>
<connection-interface>javax.resource.cci.Connection</connection-interface>
<connection-impl-class>filenet.daphne.jca.DaphneConnection</connection-impl-class>
<transaction-support>NoTransaction</transaction-support>
<authentication-mechanism>
<authentication-mechanism-type>BasicPassword</authentication-mechanism-type>
<credential-interface>javax.resource.spi.security.PasswordCredential</credential-interface>
</authentication-mechanism>
<reauthentication-support>false</reauthentication-support>