3 Replies Latest reply on Oct 20, 2004 5:42 AM by Lea Thurman

    Is it Valid to Cast Down the Principal

    Lea Thurman Newbie

      Hi all,

      I am relatively new to JAAS so please be gentle ...

      As far as I can see the only way for me to introduce new caller principal information and have them propagated into the EJB is by writing my own login module and a concrete user principal with the additional attributes.

      Once in the EJB then I invoke context.getCallerPrincipal and then cast down to my concrete class to get access to the additional information.

      Is this the correct way to go or do I need to explicitly pass the Subject into each EJB call?

      Any help would be much appreciated.

        • 1. Re: Is it Valid to Cast Down the Principal
          Scott Stark Master

          JBoss allows for a login module to install a custom principal that can be cast to the custom type. This is completely undefined by any spec though, so if you want portability the extended security information would have to be part of the ejb call data.

          • 2. Re: Is it Valid to Cast Down the Principal
            Ragav Gomatam Novice

            Can you tell me which loginModule exactly? Because I am also facing a similar situation. Also, should that custom Principal class file be bundled with the ear?

            • 3. Re: Is it Valid to Cast Down the Principal
              Lea Thurman Newbie

              Hi ragavgomatam,

              I am using a custom-built login module. I am still in the process of development, but yes, I am expecting to bundle the login module and the custom principal with the ear. This will be interesting though, as I am half expecting classloading issues. However, if this is the case I will adopt the same principle as the jbosssx jar and put it in lib, since our login module will be used by many ears and I am happy with the wider scope in this case. Are you having issues with this?

              The other problem I am expecting to face is the propagation problem. My custom login module returns a bespoke caller principal identity; however, I am unsure whether I will have a problem with the ClientLoginModule, which just transfers the username and password.

              If this is the case, how can I expect my EJBs to get access to the bespoke caller principal on subsequent EJB invocations? Does JBoss use the username to locate the original principal?
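
The downcast discussed in this thread, written defensively, as an added example that is not code from any poster or from JBoss. `TenantPrincipal`, its `tenant` attribute and the helper names are hypothetical; in an EJB the argument would be the result of `getCallerPrincipal()`.

```java
import java.io.Serializable;
import java.security.Principal;
import java.util.Optional;

// Hypothetical custom principal: the caller name plus one extra attribute.
// Serializable, as a principal stored in a serializable Subject should be.
final class TenantPrincipal implements Principal, Serializable {
    private static final long serialVersionUID = 1L;
    private final String name;
    private final String tenant;

    TenantPrincipal(String name, String tenant) { this.name = name; this.tenant = tenant; }
    @Override public String getName() { return name; }
    String getTenant() { return tenant; }
    // Subject keeps principals in a Set, so equality must be value-based.
    @Override public boolean equals(Object o) {
        return o instanceof TenantPrincipal
            && name.equals(((TenantPrincipal) o).name)
            && tenant.equals(((TenantPrincipal) o).tenant);
    }
    @Override public int hashCode() { return 31 * name.hashCode() + tenant.hashCode(); }
}

public class CallerPrincipalDemo {
    // instanceof is false for a container-supplied principal type and also for a
    // TenantPrincipal class loaded by a different class loader; a blind cast
    // would throw ClassCastException in both cases.
    static Optional<TenantPrincipal> asTenantPrincipal(Principal caller) {
        return caller instanceof TenantPrincipal
            ? Optional.of((TenantPrincipal) caller)
            : Optional.empty();
    }

    // Fail closed: without the extended identity, refuse rather than guess.
    static String tenantOf(Principal caller) {
        return asTenantPrincipal(caller)
            .map(TenantPrincipal::getTenant)
            .orElseThrow(() -> new SecurityException("caller principal is "
                + caller.getClass().getName() + ", extended identity unavailable"));
    }

    public static void main(String[] args) {
        Principal custom = new TenantPrincipal("lea", "acme");  // constructed sample
        Principal plain = new Principal() {                     // name-only principal
            @Override public String getName() { return "lea"; }
        };
        System.out.println(tenantOf(custom));                       // acme
        System.out.println(asTenantPrincipal(plain).isPresent());   // false
    }
}
```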