0 Replies Latest reply on Jul 4, 2002 1:15 PM by mjeffrey

    Servlet access to secure EJB

    mjeffrey Newbie

      This seems to be a bug in JBoss - any comments?

      I have a secured EJB method that I would like to call from a servlet.
      For various reasons I want to authenticate without prompting the user and, for the moment, I have hardcoded the username and password.
      (If you're interested, what I want to do is start a web browser from a Java Application and display a page which accesses a secure EJB - authentication data in the form of a one-time-valid-token will be supplied on the command line)

      I have created a callback handler which sets the username and password (see below) and I call this from the servlet (this works - if I set the password incorrectly I get a failed login message, otherwise it is OK).
      When I try to access the EJB I get the exception java.lang.SecurityException: Authentication exception, principal=null

      If I set up BASIC authentication in the web.xml then I can access the EJB but the user has to authenticate themselves using the normal dialog.
      I have also got this working with a standalone client - is it possible with a servlet?

      I am using JBoss 3.0 production.

      Any help greatly appreciated.
      thanks,
      Mark


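      import javax.security.auth.callback.Callback;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.callback.NameCallback;
      import javax.security.auth.callback.PasswordCallback;
      import javax.security.auth.callback.UnsupportedCallbackException;
      import javax.security.auth.login.LoginContext;
      import javax.security.auth.login.LoginException;

      public class ServletLoginHandler
      {
          // Supplies the username and password to the JAAS login modules.
          static class ServletCallbackHandler implements CallbackHandler
          {
              private String username;
              private String password;
              private long userID;

              ServletCallbackHandler(long userID)
              {
                  this.userID = userID;
                  System.out.println("In ServletCallbackHandler userID=" + userID);
              }

              // Hardcoded credentials, for the moment.
              private void getUsernamePassword()
              {
                  this.username = "d";
                  this.password = "d1";
              }

              public void handle(Callback[] callbacks)
                  throws java.io.IOException, UnsupportedCallbackException
              {
                  getUsernamePassword();
                  System.out.println("Handling callback");
                  for (int i = 0; i < callbacks.length; i++)
                  {
                      if (callbacks[i] instanceof NameCallback)
                      {
                          NameCallback nc = (NameCallback) callbacks[i];
                          nc.setName(username);
                          System.out.println("Handling callback, user=" + username);
                      }
                      else if (callbacks[i] instanceof PasswordCallback)
                      {
                          PasswordCallback pc = (PasswordCallback) callbacks[i];
                          pc.setPassword(password.toCharArray());
                          // Debug output: this prints the password in clear text.
                          System.out.println("Handling password callback, password=" + password);
                      }
                      else
                      {
                          throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
                      }
                  }
              }
          }

          // Static helper only; not meant to be instantiated.
          private ServletLoginHandler()
          {
          }

          public static void doLogin(long userID)
          {
              ServletCallbackHandler handler = null;
              try
              {
                  handler = new ServletCallbackHandler(userID);
                  // "HRBaseClient" is the name of the JAAS login configuration entry to use.
                  LoginContext lc = new LoginContext("HRBaseClient", handler);
                  lc.login();
              }
              catch (LoginException le)
              {
                  le.printStackTrace();
              }
          }
      }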