1 Reply Latest reply on Jun 30, 2004 3:14 AM by cbrettin

    Deferred JAAS login (OASIS WSSE)

    cbrettin

      Consider the scenario of a web service where the authentication credentials are carried inside the SOAP message (i.e. wsse). Is it possible to supply authentication credentials extracted (during servlet SOAP processing) to the JBoss JAAS system?

      JBoss JAAS authorisation seems to involve an interplay of the security domain and SecurityAssociation, so it's more complex than doing my own login and Subject.runAs().

      Obviously, I would prefer to use local objects since it's in the same VM; I think what is needed is some way to inject principal and credential into the Invocation sent to the EJB container, which would then interpret them with its security context (then I just write a login module and everything works).

      Is there an easy way to do this?

        • 1. Re: Deferred JAAS login (OASIS WSSE)
          cbrettin

          As far as I can tell the way to do this is to set the Principal and credential for the thread via SecurityAssociation, then these will be picked up by the proxy and added to Invocation.

          I'm uncomfortably aware that I'm not an expert on the complete JBoss architecture and all the interactions that occur; this one is for the heavy-duty JBoss experts:
          Putting aside the implementation-specific nature of the solution, is there any reason that this is a bad idea (i.e. what could go wrong, is there a better way)?
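
Added example, not part of the original thread and not JBoss code: a stand-alone model of the thread-bound identity approach described in the reply, showing that when the identity is not cleared in a `finally` block, a later request with no credentials on the same pooled thread is invoked as the earlier caller. `ThreadIdentity`, `invokeEjb` and `handle` are hypothetical stand-ins for the thread association, the proxy that builds the Invocation, and the servlet SOAP handler; the user name and password are constructed sample values.

```java
import java.security.Principal;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class ThreadIdentityDemo {
    // Hypothetical stand-in for a per-thread principal/credential association.
    static final class ThreadIdentity {
        private static final ThreadLocal<Principal> PRINCIPAL = new ThreadLocal<>();
        private static final ThreadLocal<char[]> CREDENTIAL = new ThreadLocal<>();
        static void set(Principal p, char[] c) { PRINCIPAL.set(p); CREDENTIAL.set(c); }
        static Principal principal() { return PRINCIPAL.get(); }
        static void clear() { PRINCIPAL.remove(); CREDENTIAL.remove(); }
    }

    // Stand-in for the proxy: it copies whatever identity is on the current thread.
    static String invokeEjb() {
        Principal p = ThreadIdentity.principal();
        return p == null ? "anonymous" : p.getName();
    }

    // Stand-in for the SOAP handler; wsseUser is null when the message has no wsse header.
    static String handle(String wsseUser, char[] wssePassword, boolean cleanup) {
        try {
            if (wsseUser != null) {
                ThreadIdentity.set(() -> wsseUser, wssePassword);
            }
            return invokeEjb();
        } finally {
            // Always reset the thread before it goes back to the pool.
            if (cleanup) ThreadIdentity.clear();
        }
    }

    // Runs two requests on one reused worker thread, as a container thread pool would.
    static String[] run(boolean cleanup) throws Exception {
        ExecutorService worker = Executors.newSingleThreadExecutor();
        try {
            String first = worker.submit(() -> handle("alice", "s3cret".toCharArray(), cleanup)).get();
            String second = worker.submit(() -> handle(null, null, cleanup)).get();
            return new String[] { first, second };
        } finally {
            worker.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("no cleanup:   " + String.join(", ", run(false)));
        System.out.println("with cleanup: " + String.join(", ", run(true)));
    }
}
```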