3 Replies Latest reply on May 13, 2004 5:23 AM by urunkulia

    MDB, LoginContext, RunAs

    rp28 Newbie


      I have a MDB successfully running but I would like to make calls to various session beans under a certain user context, so I'm attempting to do something as follows:



      UsernamePasswordHandler a = new UsernamePasswordHandler("test","test");
      LoginContext lc = new LoginContext("simple", a);

      lc.login();

      Subject s = lc.getSubject();

      Subject.doAs(s,new PrivilegedAction() {
      public Object run() {


      SomeSessionHome uh = [get home ]

      SomeSession un = uh.create();

      ....
      }});

      All is fine, and the authentication is working successfuly against my .properties files as I get an error with an invalid password, however the calls to the .create fails with

      java.lang.SecurityException: Authentication exception, principal=null

      Any ideas what I might be missing?

        • 1. Re: MDB, LoginContext, RunAs
          rp28 Newbie


          I needed to add
          <login-module code = "org.jboss.security.ClientLoginModule"
          flag = "required">
          </login-module>

          as the last item in the section to the appropriate <application-policy> in the login-conf.xml.

          • 2. Re: MDB, LoginContext, RunAs
            urunkulia Newbie

            Hi rp28,

            I have the same problem with a MDB, that calls various secured session beans. These session are configured with <use-caller-identity/>.

            The MDB has no security identity due to asynchronous communication. I have tried using <run-as><role-name> with the MDB, but an AuthenticationException, principal=null is thrown.

            So I have tried to solve this problem with the code snippet you had written to get a security identity that can be passed to the session beans.

            The code snippet from the onMessage method of my MDB (JBoss 3.2.3 w/ Tomcat):

            CallbackHandler callbackHandler = new UsernamePasswordHandler(username, password);
             LoginContext lc = new LoginContext("test", callbackHandler);
             lc.login();
             Subject subject = lc.getSubject();
             Subject.doAs(subject, new PrivilegedAction() {
             public Object run() {
            
             MySessionLocalHome home = [getHome];
             MySession mySession = home.create();
             return null;
             }
             });
            mySession.callSomeMethods();
            


            In login-config.xml I configured my <application-policy> with DatabaseServerLoginModule which works fine as long as I don't use MDBs.

            Though I get an AuthenticationException, principal=null.

            Any ideas? Have I forgotten to configure something? Any help would be appreciated.

            • 3. Re: MDB, LoginContext, RunAs
              urunkulia Newbie

              Hi,

              I've got a solution for my problem.

              This Thread helped to solve my problem:
              http://jboss.org/index.html?module=bb&op=viewtopic&t=38229

              I had to add another login module in login-config.xml:
              <login-module
              code = "org.jboss.security.ClientLoginModule"
              flag = "required">
              </login-module>

              I am using DatabaseServerLoginModule but it will only work correctly with the ClientLoginModule. The CallerIdentity is now passed from my MDB to my SessionBeans.