2 Replies Latest reply on Jul 30, 2002 4:00 AM by ytzel

    LoginContext create in a Servlet and passed to an EJB

    softcom

      Hello,

      I have some problems to developpe security aspects of my project on the release JBoss-3.0.0_tomcat-4.0.3.

      I need to hand the LoginContext of a client from a java class (control) used both in a servlet (Servlet/JSP) and in a Stand alone application.

      My control work well with the stand alone java application, but I am unable to figure out how to configure JBoss-Tomcat to run it from a Servlet/JSP.
      When my Servlet call an EJB, the JaasSecurityManager of my Security-domain tell me "Principal=null"!?

      It seems to be that the user LoginContext isn't forwarded in this case. I try the same web-application with Tomcat as stand alone application (not embded in JBoss) and every thing was all right. Same behavior with Jetty!!

      Could somebody help me? Is it possible to handle the LoginContext in a servlet? What I have to configure to make it runnable?

      Thanks a lot for your help (this problem will drive me crazy...).
      Benoit

        • 1. Re: LoginContext create in a Servlet and passed to an EJB
          javawerks

          Look at ClientLoginModule.java, which can be found in the jboss src archive, for some ideas on how to solve your problem. The anwser lies in the SecurityAssociation method calls.

          Regards, Mike

          • 2. Re: LoginContext create in a Servlet and passed to an EJB
            ytzel

            if your webapp runs in the same vm, you must provide 2 security domain entries in login-config.xml for your application (or even more, if you need)

            the first one is for your application and the second one is for your client, remember the webapp (servlet/jsp) now is your client. for the client side you must use the JBOSS ClientLoginModule and for your App you use your own JAAS or JBOSS loginmodules. i use it in this way and of course it works

            cy