JNDI Security?

kaloisi Nov 7, 2006 3:02 PM

Is there a way to force authentication for all JNDI access? I'm having trouble finding documentation on this subject.

It looks like the LoginInitialContextFactory accepts a user/password but NamingContextFactory doesn't.

So is there a way to disable NamingContextFactory?

1. Re: JNDI Security?

peterj Nov 7, 2006 3:39 PM (in response to kaloisi)

If you run JNDI over HTTP you can secure access. Maybe that will work for you. See http://docs.jboss.com/jbossas/guides/j2eeguide/r2/en/html_single/#d0e6617
Actions
2. Re: JNDI Security?

kaloisi Nov 7, 2006 4:43 PM (in response to kaloisi)

Is that the only way? Or the Easiest Way?

Do you know how to disable the RMI / jnp protocals?
Actions
3. Re: JNDI Security?

peterj Nov 7, 2006 6:47 PM (in response to kaloisi)
"kaloisi" wrote:
Is that the only way? Or the Easiest Way?

Neither. It is The Only Way I Know How. Others who are smarter than I am might have other, betters ways of doing it.

As far as disabling jnp, I saw this comment in server/default/conf/jboss-service.xml:

 <attribute name="Port">1099</attribute>
Actions
4. Re: JNDI Security?

vonarxma Dec 6, 2006 10:58 AM (in response to kaloisi)
Hi,

There is no example how to access the http invoker when authentication is required. With the following jndi.properties

java.naming.factory.initial=org.jboss.naming.HttpNamingContextFactory java.naming.factory.url.pkgs=org.jboss.naming java.naming.provider.url=http://localhost:8080/invoker/JNDIFactory

an exception was thrown instead of the requested naming context. Have you found a solution?

Regards, Matthias
Actions

Go to original post