2 Replies Latest reply on Feb 6, 2004 10:52 AM by Scott Stark

    JAAS question



      I am new to JAAS.

      Because of the special requirement of the project, the identy ID and credential of the clients are not known until one of my session bean to caculate them based on the input of the clients. So, my question is :

      (1)Is it possible to do JAAS login() in a session bean so that the client is authorized to invoke other methods?

      (2) How to? Any examples?


        • 1. Re: JAAS question

          Standard ejb-jar.xml allows you to set security roles per method, just leave the one that calculates the identity as < unchecked/>.

          You can do client side login() after invoking this method.

          • 2. Re: JAAS question
            Scott Stark Master

            Yes, the session bean can do a login and use the ClientLoginModule to set the caller identity for subsequent calls. If your trying to invoke secured methods on the bean doing the login, you will have to obtain the remote/local interface from the session context and invoke the methods through that or else you are bypassing the security checks.

            There is an example of a servlet calling into the ejb layer after a jaas login in the testsuite called org.jboss.test.web.servlets.ClientLoginServlet