1 Reply Latest reply on Jun 18, 2003 11:56 PM by etrio

    Jboss clientLoginModule authentication

    kep Newbie

      Jboss clientLoginModule authentication Posted: May 18, 2003 10:39 PM


      I am using jboss 2.4.10 and read about the
      jaas authentication and so forth

      I have configured the sample client with
      auth.conf setup externally and inside java,
      with
      - System.setProperty("java.security.auth.login.config","auth.conf");
      AppCallbackHandler
      - handler = new AppCallbackHandler("test", "test");
      LoginContext lc = new LoginContext("my-client", handler);
      all setup

      the jboss allows me to login successfully at all time.

      I output the login user/password param through the callback method with no problem.
      but practically how do I make sure that those users not in the "list" can't login to use my EJB.
      I can't find the match of users.properties and roles.properties with the loginContext above.

      Anyone ? BTW, thank you.

      Regards,
      Pete


      Re: Jboss clientLoginModule authentication Posted: May 21, 2003 5:35 AM

      I have made the JAAS authentication works with JBoss 2.4.10 by checking the user's principal against users.properties / roles.properties / my-client.properties

      My EJB's meta-inf, jboss.xml file contains below :-


      <security-domain>java:/jaas/@security-domain@</security-domain>
      <enterprise-beans>
      ..
      ..

      It works only if I deployed the EJB directly into the deploy folder. When I login with invalid user id or password, JBoss server will invoke securityexception error

      BUT if I start JBoss from command prompt with the previous EJB already loaded in deploy folder, then
      JBoss no longer authenticate against the user-id and password, even wrong id and/or password allows the client to invoke the bean. Why?

      Regards,
      Pete