1 Reply Latest reply on Sep 10, 2002 3:46 PM by superchipchipchip

    Calling other secured EJB using multiple LoginContext

    superchipchipchip

      Hello

      I'm new to JBoss and have this question

      Is it possible to use different LoginContext or credentials when calling from one secured EJB to another, which resides in another JBOSS server?

      Obviously the EJBs in the two servers have different users and security roles. Please point out any documentation on invoking methods on other EJBs in different app servers.

      Thank you very much in advance

      Chris

        • 1. Re: Calling other secured EJB using multiple LoginContext
          superchipchipchip

          I have figured out a way to do this. Just posting it here if anyone is interested. However, the approach is not really desirable as it involves security logic in the code and it is JBoss specific; nevertheless it solves my problem.

          In order to authenticate to the other JBoss instance, the client EJB has to create a LoginContext. However, doing this will lead to overwriting of the existing credential. What I've done is save the current credential, then do the login with the remote credential, call the remote functions and then restore the original credential. The following is the code:

          // save current credential
          Object currentCredential = org.jboss.security.SecurityAssociation.getCredential();
          java.security.Principal currentPrincipal = org.jboss.security.SecurityAssociation.getPrincipal();
          javax.security.auth.Subject currentSubject = org.jboss.security.SecurityAssociation.getSubject();

          // create login context
          javax.security.auth.login.LoginContext lc = null;
          boolean loggedIn = false;
          char[] password = decryptedPassword.toCharArray();
          org.jboss.security.auth.callback.UsernamePasswordHandler thisCallbackHandler = new org.jboss.security.auth.callback.UsernamePasswordHandler(login, password);

          // LoginException, NamingException and RemoteException propagate to the enclosing method
          try {
              // "Client-Domain" should be defined in login-config.xml, which uses ClientLoginModule
              lc = new javax.security.auth.login.LoginContext("Client-Domain", thisCallbackHandler);
              lc.login();
              loggedIn = true;

              // get the remote interface
              java.util.Properties jndiProps = new java.util.Properties();
              jndiProps.setProperty("java.naming.factory.initial", "org.jnp.interfaces.NamingContextFactory");
              jndiProps.setProperty("java.naming.provider.url", remoteServer);
              jndiProps.setProperty("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces");

              javax.naming.InitialContext remoteIC = new javax.naming.InitialContext(jndiProps);

              Object ref = remoteIC.lookup(jndiName);

              somebean thebean = (somebean) javax.rmi.PortableRemoteObject.narrow(ref, somebean.class);

              // invoke remote method
              thebean.runSomething();
          } finally {
              try {
                  // log off, but only if the login actually succeeded
                  if (loggedIn) {
                      lc.logout();
                  }
              } finally {
                  // recover the original credentials, even if the remote call or the logout failed
                  org.jboss.security.SecurityAssociation.setCredential(currentCredential);
                  org.jboss.security.SecurityAssociation.setPrincipal(currentPrincipal);
                  org.jboss.security.SecurityAssociation.setSubject(currentSubject);
              }
          }
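
Added example (not part of the original post, and not the poster's own configuration): a login-config.xml entry of the kind the code comment refers to, mapping the "Client-Domain" name to JBoss's ClientLoginModule. The restore-login-identity option is an assumption about the JBoss release in use; where the module supports it, it performs the save and restore of the caller's identity that the post does by hand.

```xml
<!-- Constructed fragment: belongs inside the <policy> root element of login-config.xml -->
<application-policy name="Client-Domain">
  <authentication>
    <!-- ClientLoginModule performs no authentication itself. It only copies the
         principal and credential supplied by the callback handler into
         SecurityAssociation, so they travel with the remote invocation and are
         checked by the security domain of the remote server. -->
    <login-module code="org.jboss.security.ClientLoginModule" flag="required">
      <!-- Assumption: this option is supported by the ClientLoginModule of the
           release in use. It saves the identity seen on entry to login() and
           restores it on logout() or abort(). -->
      <module-option name="restore-login-identity">true</module-option>
    </login-module>
  </authentication>
</application-policy>
```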