JBoss ClientLoginModule authentication
Posted: May 18, 2003 10:39 PM
I am using JBoss 2.4.10 and have read about JAAS authentication and so forth.
I have configured the sample client with auth.conf set up externally, and inside Java:
    handler = new AppCallbackHandler("test", "test");
    LoginContext lc = new LoginContext("my-client", handler);
JBoss allows me to log in successfully at all times.
I output the login user/password parameters through the callback method with no problem.
But practically, how do I make sure that users not in the "list" can't log in to use my EJB?
I can't find the match between users.properties and roles.properties and the LoginContext above.
Anyone? BTW, thank you.
Re: JBoss ClientLoginModule authentication
Posted: May 21, 2003 5:35 AM
I have made JAAS authentication work with JBoss 2.4.10 by checking the user's principal against users.properties / roles.properties / my-client.properties.
My EJB's META-INF jboss.xml file contains the following:
It works only if I deploy the EJB directly into the deploy folder. When I log in with an invalid user id or password, the JBoss server raises a SecurityException error.
BUT if I start JBoss from the command prompt with the previous EJB already loaded in the deploy folder, then
JBoss no longer authenticates against the user id and password; even a wrong id and/or password allows the client to invoke the bean. Why?
The ClientLoginModule does no authentication work. It just passes the login information to the server.
So if you want to authenticate on the client, ClientLoginModule is not the right choice.