0 Replies Latest reply on Dec 2, 2016 9:54 AM by jakub-krajewski-33795923

    @RunAs with custom LoginModule

    jakub-krajewski-33795923

      Hello,

      I have a simple password-based LoginModule connected with some external services.

      It is attached with basic authentication to a Webservice EJB in an ejb-module in jboss-webservice.xml:

       

      <?xml version="1.0" encoding="UTF-8"?>
      <webservices version="1.0"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xmlns="http://www.jboss.com/xml/ns/javaee"
              xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss_webservices_1_0.xsd">
           <context-root>/test/root</context-root>
           <port-component>
              <ejb-name>SimpleWebService</ejb-name>
              <auth-method>BASIC</auth-method>
              <secure-wsdl-access>true</secure-wsdl-access>
           </port-component>
      </webservices>

       

      And the domain in jboss-ejb3.xml:

       

      <?xml version="1.1" encoding="UTF-8"?>
      <jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
         xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:s="urn:security:1.1"
         xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd
        http://java.sun.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-spec-2_0.xsd
        http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_1.xsd"
         version="3.1" impl-version="2.0">
         <assembly-descriptor>
              <s:security>
                   <ejb-name>*</ejb-name>
                   <s:security-domain>TestDomain</s:security-domain>
              </s:security>
         </assembly-descriptor>
      </jboss:ejb-jar>

       

      TestDomain is defined by CLI and correlated with my custom TestLoginModule.

      TestLoginModule implementation is part of my EAR modules.

      WebService authentication with the described configuration works fine. The custom LoginModule is invoked properly.

       

      But my stateless web service has a @RunAs("testRole") annotation and is calling another EJB.

      Both services are in the same ejb module, so jboss-ejb3.xml applies to both of them.

      In this case my custom login module isn't invoked and the CallerPrincipal in the invoked EJB's SessionContext is set to something like (principal=anonymous, roles = {"testRole"}).

      I would like to map "testRole" at runtime to a specific principal with my custom LoginModule, but I can't figure out how to replace the default @RunAs implementation with a custom module.

       

      I can't find any RunAsLoginModule configuration in my Wildfly 10.0. I have already tried to add more security domain login modules with codes like "RunAs" or "RunAsLoginModule" and bind them with my custom class, but nothing worked.

       

      Any help would be appreciated.

       

      Best Regards,

      Jakub
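
The setup described in the post, as an added example that is not the poster's code: a @RunAs bean calling a second EJB that reports what it sees as the caller. `TargetBean`, `whoAmI`, `call` and the name `svc-account` are hypothetical; `@RunAsPrincipal` is WildFly's `org.jboss.ejb3.annotation.RunAsPrincipal`, which sets a fixed principal name for the run-as identity and does not invoke a LoginModule.

```java
// File: SimpleWebService.java (bean name taken from the post's webservices descriptor)
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.jws.WebMethod;
import javax.jws.WebService;
import org.jboss.ejb3.annotation.RunAsPrincipal;

@Stateless
@WebService
@RunAs("testRole")              // outgoing EJB calls carry this role; no login is performed for it
@RunAsPrincipal("svc-account")  // constructed name; without this line the name is "anonymous"
public class SimpleWebService {

    @EJB
    private TargetBean target;  // hypothetical callee in the same ejb module

    @WebMethod
    public String call() {
        // The BASIC-authenticated caller is replaced by the run-as identity from here on.
        return target.whoAmI();
    }
}

// File: TargetBean.java (hypothetical)
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
public class TargetBean {

    @Resource
    private SessionContext ctx;

    // Authorize on the role: the principal name of a run-as identity is assigned
    // by the calling bean's metadata and was never authenticated by TestDomain.
    @RolesAllowed("testRole")
    public String whoAmI() {
        return ctx.getCallerPrincipal().getName()
                + " inRole(testRole)=" + ctx.isCallerInRole("testRole");
    }
}
```

Because the run-as name is static deployment metadata, audit logs in the callee should record it as a service identity rather than as the user who authenticated at the web service endpoint.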