2 Replies Latest reply on Feb 20, 2002 7:50 AM by Shyam

    need help for this scenario

    Shyam Newbie

      Hi ..

      I am new to JBoss. I have the following scenario, for which I need to implement a security module that adds the users to the JBoss server and authenticates them whenever they try to log in.

      We have a server called myserver, which services multiple remote RMI clients (not web clients).

      While myserver is starting, it should retrieve all the users from the database and add them to the JBoss server.

      Once myserver is up and running,
      if any client tries to log in, that info is intercepted by the server (by a stateful session bean), and with this info the server should authenticate the user (if successful, return that stateful session bean reference).

      During runtime, new users can be added, and we need to add these users to the JBoss server dynamically and authenticate them whenever they try to log in.

      I do not want any authentication to be done directly by the clients. It should be intercepted by the server, and with that info the server should authenticate the user.

      I have gone through the JBossSX docs, but I am confused about how to proceed.

      Preferably, I want to use the JaasSecurityManagerService.

      Can you suggest how to proceed to implement the above scenario?


        • 1. Re: need help for this scenario
          Luke Taylor Novice


          I don't quite understand what you're trying to achieve, but you seem to be confused about the issue of "adding users to the JBoss server". JBoss doesn't have any inbuilt concept of how to store user information - it's up to you to provide that and write a login module to access it. Alternatively you can use one of the standard supplied modules which allow you to use a database, LDAP or properties files.

          You will have to clear up a lot of your description. What do you mean by you "don't want any authentication to be done directly by clients"? And why do you want login information to be intercepted by a Stateless SB?


          • 2. Re: need help for this scenario
            Shyam Newbie

            Luke, thanks for your reply.

            The server which we are using, i.e. "myserver", is an already established server which is currently running on the "JRun" server. The scenario which I explained was followed in the case of JRun. Similarly, I need to develop a pluggable module w.r.t. JBoss without disturbing myserver. Depending on the application server used, the respective module will be called.

            In the case of JRun, it is a problem if we do not add the users to the JRun server before they try to log in, so the users are added before they log in. Once the user is authenticated in "myserver", he will be logged into the "JRun server". If both are successful, his authentication is successful. Once the user is logged in, all his access control to different beans is checked by the JRun server according to the roles declared in the ejb-jar.xml.
            If JBoss does not pose any problem w.r.t. this, then we can skip "adding the users to JBoss server".

            My basic confusion is: if any bean is to be accessed in the JBoss server, the user should be logged into the JBoss server, right? So that the user's permissions on any bean's methods will be checked by the JBoss server. And the beans deployed for "myserver" should be accessed only by the users of "myserver".

            If I use the default security implementation of JBoss, I need to store the users' info in users.properties. But I cannot put this file in the deployment jar file, because until the server starts I cannot develop this file.

            I hope you understood the requirement. Please let me know how to proceed.
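
The first reply says JBoss leaves user storage to a login module that you supply. As an added illustration (not code from the thread or from JBoss), here is a minimal JAAS `LoginModule` built only on the standard `javax.security.auth` API, showing that users created at runtime are authenticated without being registered with the server first. The class name, the in-memory `STORE` standing in for the application's database, and `addUser` are hypothetical; Java 16 or later is assumed, and JBoss-specific role assignment is left out.

```java
import java.security.*;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
// Hypothetical module (added example): credentials are checked against a store read at login time.
public class UserStoreLoginModule implements LoginModule {
    record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    // Constructed stand-in for the application's user table: username -> {salt, PBKDF2 hash}.
    static final Map<String, byte[][]> STORE = new ConcurrentHashMap<>();
    private Subject subject; private CallbackHandler handler; private String user;
    static byte[] hash(char[] pw, byte[] salt) throws Exception {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
            .generateSecret(new PBEKeySpec(pw, salt, 100_000, 256)).getEncoded();
    }
    // Called by the application whenever a user is created, including while the server is running.
    public static void addUser(String name, char[] pw) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        STORE.put(name, new byte[][] { salt, hash(pw, salt) });
    }
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nc, pc });   // credentials come from the caller's handler
            byte[][] rec = STORE.get(nc.getName());      // looked up on every login, so new users work
            if (rec == null || !MessageDigest.isEqual(rec[1], hash(pc.getPassword(), rec[0])))
                throw new FailedLoginException("bad credentials");
        } catch (LoginException e) { throw e; }
        catch (Exception e) { throw new LoginException("login failed: " + e); }
        user = nc.getName();
        return true;
    }
    public boolean commit() {
        if (user == null) return false;                  // this module's own login did not succeed
        subject.getPrincipals().add(new UserPrincipal(user));
        return true;
    }
    public boolean abort() { user = null; return true; }
    public boolean logout() { subject.getPrincipals().remove(new UserPrincipal(user)); user = null; return true; }
}
```

An unknown user returns before any hashing is done, so its response time differs from that of a wrong password; hash a dummy value in that branch if user enumeration is a concern.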