2 Replies Latest reply on Nov 5, 2001 6:59 AM by Daniel Labrosse

    simple EJB login?

    Daniel Labrosse Newbie


      I need to know how to call my "secured" EJBs from a simple client application by passing security credentials. I've had a look at the examples but have made little progress in getting my server to recognise "who" is making the call. The user is constantly logged in as "nobody", since that is the name I give to an unauthenticated ID i.e. unauthenticatedIdentity=nobody (in auth.conf). Can someone tell me why we need to use a ClientLoginModule to set the user credentials as apposed to just setting some properties in the InitialContext object before making the call to the EJB?

      For example:

      Properties props = System.getProperties();
      props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
      props.put(Context.PROVIDER_URL, "localhost:1099");
      props.put(Context.SECURITY_PRINCIPAL, "fred");

      // Get a naming context
      InitialContext jndiContext = new InitialContext();

      Hope someone can shed some light here because this is a fairly fundamental issue.

      Thanks a lot.

        • 1. Re: simple EJB login?
          J. Wolfgang Kaltz Novice

          Why exactly this is as it is, I can't say for sure, but that is definitely the way to authenticate in JBoss. The Context stuff is explicitly not supported in JBoss, you must use the ClientLoginModule.

          My guess is, that's the way it is because 1. JBoss tries to use JAAS in a consistent way (that's why you specify a JAAS login module to bind your credentials instead of setting some properties in a class); and 2. there are probably some more things happening behind the scenes and the author thought it would be cleaner to wrap this in an object like the ClientLoginModule.

          • 2. Re: simple EJB login?
            Daniel Labrosse Newbie

            Finally got everything working! I just used the standard - AppCallbackHandler implements CallbackHandler class.

            AppCallbackHandler handler = new AppCallbackHandler(user, pass.toCharArray());
            LoginContext lc = new LoginContext("client-login", handler);

            The client used auth.conf by setting -Djava.security.auth.login.config==auth.conf which contained -
            client-login {
            org.jboss.security.ClientLoginModule required;

            thanks for you input.