8 Replies Latest reply on Dec 19, 2009 4:52 AM by jaikiran

    How to get current security domain from a session bean

    jc7442

      I need to get the current security domain from a session bean to be able to read login config options in order not to duplicate this config.

      Is it possible to get the name of the current security domain ?


      This domain is defined either in jboss.xml or by the the SecurityDomain annotation. It looks that it will be able to get this information from applicationMetadata. How can i get Metadata from a session bean ?

        • 1. Re: How to get current security domain from a session bean

          I know this is an old post - did you ever find a solution? I'm faced with the same issue.

           

          Thanks...

          • 2. Re: How to get current security domain from a session bean

            My current solution, not so great:

             

              /**
               * Would be better to have one that doesn't rely on an annotation being present.
               *
               * @return
               */
              public String getSecurityDomain() {
                SecurityDomain annotation = this.getClass().getAnnotation(SecurityDomain.class);
                if (annotation == null) {
                  return null;
                }
                return annotation.value();
              }

            • 3. Re: How to get current security domain from a session bean
              jaikiran
              Why do you need that by the way? Maybe there's a better way to do what you are trying.
              • 4. Re: How to get current security domain from a session bean
                jaikiran
                You probably already know that, it's not going to work if the security domain is configured through xml instead of annotation.
                • 5. Re: How to get current security domain from a session bean

                  I'm trying to establish my own connection to an Active Directory server so that I can change users' passwords. See this thread:


                  http://community.jboss.org/thread/44481?tstart=0

                   

                  Once I know the current EJB's security domain, I can get everything I need to establish this connection from configuration. I'm aware that my solution will not work if the security domain is configured through XML - I can get away with it for the moment, since I'm using EJB3 annotations, but I would definitely prefer to find a more robust solution.

                  • 6. Re: How to get current security domain from a session bean
                    jaikiran

                    Hmm, why do you want to go through the bean for this? Are you changing the password of the principal accessing the bean?


                    • 7. Re: How to get current security domain from a session bean

                      It may not be the current principal, but it will be a user in the same security domain. Basically, I have to provide a web service for existing clients who will not have access to the back-end Active Directory server. I thought exposing a session bean as a web service would be the most straightforward way to do this. Any thoughts?

                      • 8. Re: How to get current security domain from a session bean
                        jaikiran

                        brazil123 wrote:

                         

                        It may not be the current principal, but it will be a user in the same security domain.

                        In that case i don't think you really need to go through the bean. Looking at your use case, you just need to know the user name whose password needs to be changed and the security domain name. You probably are passing the user name as a param to the bean method and picking the security domain from the security domain configuration on the bean.

                         

                        brazil123 wrote:

                         

                        Basically, I have to provide a web service for existing clients who will not have access to the back-end Active Directory server. I thought exposing a session bean as a web service would be the most straightforward way to do this. Any thoughts?

                        So all you need is a webservice which exposes a method which can accept the username and the security domain name. I can understand that the security domain name will not be available at the client which uses this API. So you can probably have a default security domain:

                         

                        private static final APP_SECURITY_DOMAIN="blah";
                        

                         

                        and the rest of the code to change the password would be the same. So really, instead of annotating a bean with @SecurityDomain("blah") and then calling the bean to get hold of that "blah", you can just get rid of the bean.