2 Replies Latest reply on Oct 4, 2006 7:21 AM by kdeboer

    Username token Profile and JAAS Authentication

      I finally managed to get the username token profile stuff working.
      It ends up in the endpoint. But for servlet-based endpoints (perhaps also for EJB-based endpoints) it seems that nothing happens with the username and password. I had expected the JAAS module associated with the webapp to be called, but it is not. So the Principal is also not created.
      Am I overlooking something?

      Even if only using the username token profile option of WS-Security (no message encryption or signing), a jboss-wsse-server.xml is still needed. The current handleInbound method of WSSecurityDispatcher does not take the username into account, it seems.
      It would be a good idea to use / develop a suitable CallbackHandler / LoginModule to create the principal. Is any work done on this?


      Thnx
      Karl
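To make concrete what a "suitable CallbackHandler / LoginModule" for the username token would look like, here is an added, self-contained example. It is not code from this thread or from JBossWS: the class names UsernameTokenCallbackHandler, UsernameTokenLoginModule and UserPrincipal are hypothetical, the user store is a constructed in-memory map, and the JAAS configuration is built programmatically so the demo runs without a login.config file. The one thing a dispatcher would really have to do, hand the username and password lifted out of the wsse:UsernameToken header to a LoginContext, is represented by the constructed values in main. JBoss-specific details (the "Roles" Group that JBoss login modules put into the Subject for role checks) are deliberately left out.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class UsernameTokenJaasDemo {

    /** Hypothetical CallbackHandler fed with the credentials taken out of the wsse:UsernameToken. */
    public static class UsernameTokenCallbackHandler implements CallbackHandler {
        private final String username;
        private final char[] password;

        public UsernameTokenCallbackHandler(String username, char[] password) {
            this.username = username;
            this.password = password;
        }

        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(username);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb, "unsupported callback");
                }
            }
        }
    }

    /** Minimal Principal that the endpoint would later see as its caller. */
    public static class UserPrincipal implements Principal {
        private final String name;
        public UserPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        public String toString() { return "UserPrincipal[" + name + "]"; }
    }

    /** Hypothetical LoginModule: verifies the token credentials against a constructed in-memory store. */
    public static class UsernameTokenLoginModule implements LoginModule {
        private static final Map<String, char[]> USERS = new HashMap<String, char[]>();
        static { USERS.put("karl", "s3cret".toCharArray()); } // constructed sample user

        private Subject subject;
        private CallbackHandler handler;
        private UserPrincipal principal;

        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject;
            this.handler = handler;
        }

        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("username");
            PasswordCallback pc = new PasswordCallback("password", false);
            try {
                handler.handle(new Callback[] { nc, pc });
            } catch (Exception e) {
                throw new LoginException("cannot obtain credentials: " + e.getMessage());
            }
            char[] expected = USERS.get(nc.getName());
            char[] supplied = pc.getPassword();
            pc.clearPassword();
            // MessageDigest.isEqual compares in constant time, unlike Arrays.equals.
            if (expected == null || supplied == null
                    || !MessageDigest.isEqual(bytes(expected), bytes(supplied))) {
                throw new FailedLoginException("bad username or password");
            }
            principal = new UserPrincipal(nc.getName());
            return true;
        }

        public boolean commit() {
            if (principal == null) return false;
            subject.getPrincipals().add(principal); // this is the Principal the endpoint gets
            return true;
        }

        public boolean abort() { principal = null; return true; }

        public boolean logout() {
            if (principal != null) subject.getPrincipals().remove(principal);
            principal = null;
            return true;
        }

        private static byte[] bytes(char[] chars) {
            return new String(chars).getBytes(StandardCharsets.UTF_8);
        }
    }

    /** Programmatic JAAS configuration so the demo runs without a login.config file. */
    static Configuration demoConfig() {
        return new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    UsernameTokenLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    new HashMap<String, Object>()) };
            }
        };
    }

    public static void main(String[] args) throws LoginException {
        // Constructed values standing in for what a dispatcher would read from the SOAP header.
        CallbackHandler ok = new UsernameTokenCallbackHandler("karl", "s3cret".toCharArray());
        LoginContext lc = new LoginContext("ws-security-domain", new Subject(), ok, demoConfig());
        lc.login();
        System.out.println("authenticated principals: " + lc.getSubject().getPrincipals());

        CallbackHandler bad = new UsernameTokenCallbackHandler("karl", "wrong".toCharArray());
        try {
            new LoginContext("ws-security-domain", new Subject(), bad, demoConfig()).login();
        } catch (LoginException expected) {
            System.out.println("rejected as expected: " + expected.getMessage());
        }
    }
}
```

Run it with `javac UsernameTokenJaasDemo.java && java UsernameTokenJaasDemo`. The point of the shape is that the WS-Security layer never verifies the password itself; it only supplies the two callbacks, and the LoginModule chosen by the security domain decides, so swapping the in-memory map for a database or LDAP lookup changes nothing in the token handling.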

        • 1. Re: Username token Profile and JAAS Authentication
          cboatwright

          I may not totally be answering your question, but it may be related to something I ran into, which was assuming the generated WAR file (and I'm working with EJB3 endpoints) would contain the proper security constraints. I couldn't get the annotations to work for that, so I created the jboss-web.xml and web.xml and packaged my own WAR, and it worked fine.

          Look at http://www.jboss.com/index.html?module=bb&op=viewtopic&t=91699 for my post that touches on this.

          I have a JAAS module that does the login and creates a Principal which my EJB3 endpoint can access. It also loads the roles, so my EJB3's "@RolesAllowed" annotation is honored.

          • 2. Re: Username token Profile and JAAS Authentication

            Thanks for sharing your thoughts. But I am using web services based upon servlets, because we use a WSDL-first approach (specify the contract first with XML Schema support). The generated code from WSCompile / WSTools generates servlet-based endpoints. So I am not using annotations nor EJBs. But do you also use username profile tokens in the SOAP header?
            If your approach works, I would be very interested to know.