1 Reply Latest reply on Oct 8, 2013 9:37 AM by Nicky Mølholm

    How to login programmatically from inside the JBoss 7 server?

    Nicky Mølholm Newbie

      Hi guys,


      I have some code that needs to login programmatically.


      The code is running inside the application server in a thread that isn't managed by JBoss AS. It is neither a Web container thread, an EJB thread etc...And it isn't a remote client either...


      From this unmanaged thread, I need to authenticate (login) to the server, just before an EJB method is invoked. And then logout immediately after again. <-- How can I do that?


      Pseudo code:

      class UnmanagedThread {
          public void invokeEjb() {
               // <Code here> :: Authenticate with usr+password
                Ejb e = grabMyEjb();


      To be precise: I would loove to find something similar to HttpServletRequest.login( userName , userPassword ) .... does that exist in JBoss AS 7.2 ?


      -- I need to present a userName and a password to the login mechanism. So that the container will run the LoginModules authentication process appropriately )


      ( I am upgrading JBoss 5 code to JBoss 7.2 code. The old code used a "new InitialContext()" approach with the org.jboss.security.jndi.JndiLoginInitialContextFactory class as factory value. This trick doesn't seem to work anymore.  )

      ( Oh - I tried google before writing this entry .... but this time it didn't help much unfortunately )


      Looking forward to get some input here



        • 1. Re: How to login programmatically from inside the JBoss 7 server?
          Nicky Mølholm Newbie

          I have something working now.


          Not quite sure if it is "best practice". What do you say (broadcast question ) ?


          So ... this is how I run an EJB method under another principal:


                  runAs("other", "duke", "duke123!", new PrivilegedAction<Void>() {
                      public Void run() {
                          friendService.ping(); // EJB invocation ( Inside it it knows about the correct duke principal )
                          return null;


          The ping() method is secured with @RolesAllowed("ONLY_JAVA_LOVERS"). It ensures that the EJB cannot be invoked with the anonymous principal etc.


          …and a peak into the runAs method:


                private void runAs( String securityDomain, String userName, String password, PrivilegedAction<Void> action) {
                  SecurityContext originalSecurityContext = SecurityContextAssociation.getSecurityContext();
                  try {
                      // Perform programmatic login
                      LoginContext ctx = new LoginContext(securityDomain, new UsernamePasswordHandler(userName, password.toCharArray()));
                      // Bind principal/subject to the current thread
                      SecurityContext sc = SecurityContextFactory.createSecurityContext(securityDomain);
                      sc.getUtil().createSubjectInfo(ctx.getSubject().getPrincipals().iterator().next(), password, ctx.getSubject());
                      // Run the action with the new login details
                      Subject.doAs(ctx.getSubject(), action);
                  } catch (Exception e) {
                      throw new RuntimeException(e);
                  } finally {


          The code doesn't work without lines 9+10+11. So this is the nasty part I guess: manually binding stuff to the thread. Lines 02+18 is there just to compensate.....

          Also, without Subject.doAs (line 14) the EJB container rejects to invoke the method due to authorization issues.


          Community - let me know if this can be done better,