7 Replies Latest reply on May 21, 2003 9:43 AM by hln_chn

    Custom Login Module accesses EJB

    Alexey Titorenko Newbie

      Hi All.

      I have the following problem.

      I've implemented a custom JAAS login module which obtains user information form database. All works fine but there already exists a session EJB managing users in the database. It seems to be very attractive to use that EJB within the custom login module to access users information.

      Since that EJB is also used by other applications, it's methods are protected. To avoid recursive login module invokation the module must be associated with some identity. But it's not associated with any identity and the login module is invoked recursively.

      Is there any way to associate an identity with the custom login module so that the latter could invoke protected methods of EJB?

      Thanks, Kit.

        • 1. Re: Custom Login Module accesses EJB
          Thomas Louis Newbie

          Hi Kit,

          I got the same problem.
          Did you found a solution, that you propably ca provideß

          Thanks,
          Thomas


          > Hi All.
          >
          > I have the following problem.
          >
          > I've implemented a custom JAAS login module which
          > obtains user information form database. All works
          > fine but there already exists a session EJB managing
          > users in the database. It seems to be very attractive
          > to use that EJB within the custom login module to
          > access users information.
          >
          > Since that EJB is also used by other applications,
          > it's methods are protected. To avoid recursive login
          > module invokation the module must be associated with
          > some identity. But it's not associated with any
          > identity and the login module is invoked
          > recursively.
          >
          > Is there any way to associate an identity with the
          > custom login module so that the latter could invoke
          > protected methods of EJB?
          >
          > Thanks, Kit.

          • 2. Re: Custom Login Module accesses EJB
            Micael Källman Newbie

            Funny, but I too have that problem. I want to call methods on EJBs from my CustomLoginModule, is that possible?

            /Mike

            • 3. Re: Custom Login Module accesses EJB
              Micael Källman Newbie

              I too have this problem. Is it even possible to call methods on EJBs from a custom loginmodule?

              /Mike

              • 4. Re: Custom Login Module accesses EJB
                Nandak Newbie

                I guess it is a common problem. To terminate the recursive authentication, I used a reserved user - say "system", for which I did not make the EJB calls. Note I did use a password for this user which is known only within the server to prevent breach from external clients.

                If there is a better approach, please let me know

                -Nandak

                • 5. Re: Custom Login Module accesses EJB
                  xnixnix Newbie

                  I've found a the
                  org.jboss.security.auth.spi.RunAsLoginModule
                  that seems to be there just for this purpose, quote from the source:

                  ** A login module that establishes a run-as role for the duration of the login
                  * phase of authentication. It can be used to allow another login module
                  * interact with a secured EJB that provides authentication services.

                  Does anyone know how to use it exactly?

                  I'll try it out and post my findings, if i get it to work.

                  • 6. Re: Custom Login Module accesses EJB
                    Brian Stansberry Newbie

                    From playing with the RunAsLoginModule, it seems to work if your login module only needs to access EJBs in the login() method. You would put it in your login stack before your own module, passing it a configuration parameter "roleName" whose value is the role you want your login module to run-as. When it's login() method is called it associates the specified role with the current thread.

                    The problem is if your commit() and/or abort() methods also want to access EJBs. RunAsLoginModule's own commit()/abort() removes the role from the current thread, and since it's before your module in the stack, the thread will no longer have the role when it gets to your module.

                    I need to access EJB's in commit(), so I'm going to have to modify my own login module to do the security association work RunAsLoginModule does.

                    Best,
                    Brian

                    • 7. Re: Custom Login Module accesses EJB
                      hln_chn Newbie

                      how does it works?? do u store the login (username n password in the database?? )

                      do we need to use the j_username, j_password as the name of the textfield in the login form?

                      anyone can help?