-
1. Re: Calling an EJB from a LoginModule ?
wdfink Jun 1, 2013 6:29 PM (in response to cfillot)
1 of 1 people found this helpful
As a login module is meant as a container service for security, I suppose that calling an EJB will be container dependent and not portable, as the behaviour can be different.
I would use that approach only if it is for integration of an old implementation.
-
2. Re: Calling an EJB from a LoginModule ?
sfcoy Jun 1, 2013 10:17 PM (in response to cfillot)
1 of 1 people found this helpful
You need to be careful of creating a chicken and egg situation.
i.e. What is securing the EJB? The same LoginModule that is calling it?
-
3. Re: Calling an EJB from a LoginModule ?
cfillot Jun 2, 2013 3:55 AM (in response to wdfink)
Thanks Wolf-Dieter, I'll use a more "classical" approach to avoid portability problems, even if I use only JBoss AS for my apps at the moment.
Stephen, you made a good point, indeed the EJB would be in the security-domain secured by this LoginModule. I wanted to mark the EJB verification method with @PermitAll, but it will still go through the JAAS process and cause the chicken and egg situation you described.
-
4. Re: Calling an EJB from a LoginModule ?
wdfink Jun 2, 2013 6:39 AM (in response to cfillot)
Yes, the problem is often that such approaches are not running if you do a server upgrade, maybe only a minor version; this depends on the exact flow. Here you are in the middle of the authentication and it is not clear what happens.