2 Replies Latest reply on Jul 17, 2012 7:45 AM by halliballi

    change user and credentials at runtime

    halliballi

      Hi,

       

      I have an application that is running in JBoss 4 and there are some Beans that don't use Security Domain and some that do.

      At startup there are only Beans called that don't have any restrictions, some information is fechtched from the server and than the credentials are set

       

      org.jboss.security.SecurityAssociation.setPrincipal(new UserIdPrincipal(objUser.getUsername()));
          org.jboss.security.SecurityAssociation.setCredential(objUser.getPassword().toCharArray());

       

      in JBoss 7 SecurityAssociation is no longer included.

      Is there a way to set the credentials at runtime?

       

      I tried creating a new initial context

       

      with

              jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

              jndiProperties.put(Context.SECURITY_PRINCIPAL, username);

              jndiProperties.put(Context.SECURITY_CREDENTIALS, password);

              ic=new InitialContext(jndiProperties);

       

      But this does not seem to have any effect

       

      I also tried

               ic.addToEnvironment(Context.SECURITY_PRINCIPAL, username)

               ic.addToEnvironment(Context.SECURITY_CREDENTIALS, password)

       

      but the result was an exception

       

      Than I thougt I'd implement my own CallbackHandler

       

      but it seems I can not change the credentials and user information at runtime neither.

       

      Can anybody help me

      Thank you

        • 1. Re: change user and credentials at runtime
          halliballi

          OK, maybe I have to change my question.

           

          I have an application that connects to my JBoss Server and uses no credentials at first.

          Than it gets some information from the server. The Beans that are used don't have a security context.

           

          Now I use part of the information to access Beans that have a security context.

          So I set during runtime of my client app the credential data (using some information that I got before)

           

          Is something like this also possible with JBoss 7.1?

          It seems as if my credentials are not being used when I change or set them during runtime.

           

          When I check the SQL Statement in SQL Profiler the password is not the one I set on client side.

           

          Thank you

          regards

          • 2. Re: change user and credentials at runtime
            halliballi

            Ok, once more.

             

            I found the following https://community.jboss.org/wiki/JBossAS7RemoteEJBAuthenticationHowto

            But event with that I fail. Is there somewhere a guide for dummies (like me)

            I just don't understand how I can set the credentials of my user in order to access beans in security context.

             

            In JBOSS 4 this worked for me:

             

            org.jboss.security.SecurityAssociation.setPrincipal(new UserIdPrincipal(objUser.getUsername(), objUser.getId()));

            org.jboss.security.SecurityAssociation.setCredential(objUser.getPassword().toCharArray());