env: JBoss 4.2.2 + JBoss Messaging 1.4
problem: I have my own LoginModule. All beans and destinations are configured to use it. I have, for example, user with name "user", password "password" and role "role".
When I need to invoke bean's method, I pass username/password through JNDI (SECURITY_PRINCIPAL/SECURITY_CREDENTIALS).
When I need to work with some queue, I do login procedure look like this:
InitialContext ctx = new InitialContext(<don't pass user/pwd here>); ConnectionFactory cf = (ConnectionFactory) ctx.lookup("/ConnectionFactory"); Connection = cf.createConnection("user", "password"); // pass user/password here ..........................
@RolesAllowed(value="role") public void someBeanMethod() { String currentUser = sessionContext.getPrincipal().getName(); // username, who invoked this bean's method String password = getPasswordFromDatabase(currentUser); // get password from db InitialContext ctx = new InitialContext(); ConnectionFactory cf = (ConnectionFactory) ctx.lookup("/ConnectionFactory"); Connection = cf.createConnection(currentUser, password); // I don't want to do it! .............. }