3 Replies Latest reply on Jun 25, 2007 11:06 AM by cupdike

    non-ssl user authentication?

    cupdike

      Is there a way to do user authentication using rmi (w/o using SSL)? I saw a forum post that showed using JNDI Context environment entries for username and password, but I don't see how this works with the remoting protocol like it does with JNDI lookups. I've googled various ways but not found any resources on how to do this (including the docs and the wiki). Any pointers greatly appreciated.

      TIA, Clark

        • 1. Re: non-ssl user authentication?
          ron_sigal

          Hi Clark,

          I'm not quite sure what you want to achieve, but it's not likely that Remoting does what you want.

          It's true that you can pass username and password when creating a JNDI InitialContext. For example, the following lines are taken from the Sun JNDI tutorial at http://java.sun.com/products/jndi/tutorial/:

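          // Requires java.util.Hashtable, javax.naming.Context and javax.naming.InitialContext.
          Hashtable<String, Object> env = new Hashtable<String, Object>();
          env.put(Context.PROVIDER_URL, "ldap://ldap.wiz.com:389");
          // The principal and credentials are handed to the naming provider when the context is created.
          env.put(Context.SECURITY_PRINCIPAL, "joeuser");
          env.put(Context.SECURITY_CREDENTIALS, "joepassword");
          Context ctx = new InitialContext(env);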

          It's also true that RMI server object proxies can be stored in and retrieved from a repository that is accessible through JNDI. But that connection between RMI and JNDI doesn't currently exist in Remoting, which stores proxies in a plain old RMI Repository.

          Of course, you're welcome to create a Remoting JIRA feature request issue at http://jira.jboss.com/jira/browse/JBREM, explaining the need for the functionality you're looking for. Note, however, that all of the Remoting transports (socket, rmi, http, etc.) have an SSL counterpart which supports authentication, etc.

          • 2. Re: non-ssl user authentication?
            cupdike

            Thanks for the reply Ron.

            Just to be clear (before I submit any JIRA issues)...

            I've used JNDI lookups to access EJB session beans in the past where the context is used to authenticate the client to the server, and the user principal is then accessible in the EJB context. I'd like to do the same thing with Remoting (be able to access the authenticated user principal).

            If that's clear and not currently possible, I'll file a JIRA issue.

            Correct me if I'm wrong, but SSL authentication requires client side certs which is something I'd prefer to avoid.

            Thanks, Clark

            • 3. Re: non-ssl user authentication?
              cupdike

              I opened an issue for this:

              http://jira.jboss.com/jira/browse/JBREM-759

              I'm kind of amazed that I'm the first one to request non-ssl client username/password authentication like this.

              -Clark