2 Replies Latest reply on Jan 3, 2003 11:48 PM by Rex Jameson

    Principal propagation to EJB

    Rex Jameson Newbie

      Hi, I'm trying access an EJB with JAAS method-level security from an RMI client. I've configured the server (3.2.0-beta2) with an LdapLoginModule which is definitely being called when my client tries to access the EJB, but the username and password are always null. It seems that the the username and password are not being propagated from the client.

      I've tried setting up the client in two ways: 1) simply setting the SECURITY_PRINCIPAL and SECURITY_CREDENTIAL properties in my InitialContext (which is how I do it for Weblogic), and 2) creating a LoginContext prior to creating the InitialContext, an idea I got from the JBoss online manual. The configuration file I used on the client was this:

      scierra {
      // jBoss LoginModule
      org.jboss.security.ClientLoginModule required
      password-stacking="useFirstPass"
      ;
      };

      In both cases the username and password on the server are null.

      I've seen a number of posts on this problem but I haven't discerned a solution from them. It seems like I'm missing a simple configuration issue, but I've been banging my head against it for a while with no success.

      Thanks in advance.

      Rex

        • 1. Re: Principal propagation to EJB
          StasK Newbie

          Hi, i use following in unit tests for my ejb application.
          below is the client auth.conf file
          -------------------------
          other {
          org.jboss.security.ClientLoginModule required;
          };
          -------------------------

          And the client code:
          -------------------------
          import junit.framework.TestCase;
          import org.jboss.security.auth.callback.UsernamePasswordHandler;

          import javax.naming.InitialContext;
          import javax.rmi.PortableRemoteObject;
          import javax.security.auth.login.LoginContext;

          public class TestEJBHelper extends TestCase {
          public static final String DEFAULT_USER_NAME="tester";
          public static final String DEFAULT_PASSWORD="qwerty";
          private LoginContext lc = null;
          private InitialContext ctx = null;

          public TestEJBHelper(String name) {
          super(name);
          }

          protected void setUp() throws Exception {

          if (null == lc) {
          lc = new LoginContext("other", new UsernamePasswordHandler(getUserName(),
          getPassword().toCharArray()));
          }
          if (null == ctx) {
          ctx = new InitialContext();
          }
          lc.login();

          }

          protected void tearDown() throws Exception {
          lc.logout();
          }

          protected InitialContext getInitialContext() {
          return ctx;
          }

          protected Object narrow(Object objRef, Class objClass) {
          return PortableRemoteObject.narrow(objRef, objClass);
          }

          protected String getUserName() {
          return DEFAULT_USER_NAME;
          }
          protected String getPassword() {
          return DEFAULT_PASSWORD;
          }
          }
          ----------------------------------------

          It works on 3.0.4, i dont use LdapLoginModule though, but as i understand the problem is that the username and password, passed to the module are null, so it doesnt matter which module you're using.


          -------------------
          StasK

          • 2. Re: Principal propagation to EJB
            Rex Jameson Newbie

            Thank you very much. It appears that my problem was that my auth.conf file had password-stacking=useFirstPass which I had misunderstood. I had assumed that it would not find a username and password on the first authenticated call and would fail over to use the username and password in the callback handler. In fact, it was somehow finding a username and password in the properties which were both empty strings.

            Thanks again.

            Rex