1. Re: Principal loses login and password when bean is called
tcherel Dec 15, 2004 10:52 AM (in response to rkite01)
I do not have an answer to your question (sorry), but I am curious to know how you configured the JDBC source in JBoss in order for it to use the client identity to connect to the database.
Could you send some details about this configuration?
Thanks.
2. Re: Principal loses login and password when bean is called
starksm64 Dec 16, 2004 1:44 PM (in response to rkite01)
You'll have to describe the security settings on the database datasource. If the ejb is secured and this is working, and you're using the CallerIdentityLoginModule, then the identity used to access the ejb should be seen at the database.
3. Re: Principal loses login and password when bean is called
rkite01 Dec 16, 2004 4:54 PM (in response to rkite01)
This works well as long as the caller of the Bean is from the integrated Tomcat, meaning it passes security and assumes the correct login and password from the principal. It partially works when called from a swing app or Tomcat running in a separate JVM, since it passes JAAS security by allowing the call, but the principal will have the default login and password, not the one passed from the client login. I can see different data returned since the default user has more restricted database access than the logged in person. Also an anomaly: if the first call to the app server after startup is from the integrated Tomcat, then subsequent calls from the swing app do work, and when the principal is viewed in the debugger the correct login and password appear.
This is from sybase-ds.xml
    <local-tx-datasource>
      <jndi-name>jdbc/tcAimsIIDB</jndi-name>
      <connection-url>jdbc:sybase:Tds:TIGGER:5000</connection-url>
      <driver-class>com.sybase.jdbc2.jdbc.SybDataSource</driver-class>
      <user-name>web_user</user-name>
      <password>web_user_pass</password>
      <security-domain>SybaseDbRealm</security-domain>
      <min-pool-size>1</min-pool-size>
      <max-pool-size>6</max-pool-size>
    </local-tx-datasource>
This is from login-config.xml
    <application-policy name="SybaseDbRealm">
      <login-module code="TisCallerIdentityLoginModule" flag="required">
        <module-option name="userName">web_user</module-option>
        <module-option name="password">web_user_pass</module-option>
        <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=jdbc/tcAimsIIDB</module-option>
      </login-module>
    </application-policy>
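    import java.security.Principal;
    import java.security.acl.Group;
    import java.util.Map;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.login.LoginException;
    import org.jboss.resource.security.CallerIdentityLoginModule;
    import org.jboss.security.SimpleGroup;
    import org.jboss.security.SimplePrincipal;

    public class TisCallerIdentityLoginModule extends CallerIdentityLoginModule
    {
        public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
        {
            super.initialize(subject, handler, sharedState, options);
        }

        // Delegates to the parent; kept as a place to inspect the principal in the debugger.
        protected Principal getIdentity()
        {
            Principal principal = super.getIdentity();
            return principal;
        }

        // Returns a "Roles" group holding tisUser and an empty "CallerPrincipal" group.
        protected Group[] getRoleSets() throws LoginException
        {
            Group[] groups = new Group[2];
            SimpleGroup rolesGroup = new SimpleGroup("Roles");
            rolesGroup.addMember(new SimplePrincipal("tisUser"));
            groups[0] = rolesGroup;
            SimpleGroup principlesGroup = new SimpleGroup("CallerPrincipal");
            groups[1] = principlesGroup;
            System.out.println("getRoleSets called");
            return (groups);
        }
    }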
Thanks
Rodney
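
Added example, not part of the original thread: a small check of the wiring the last post describes, confirming that the datasource's security-domain resolves to an application-policy, that managedConnectionFactoryName names the same datasource, and listing the default login that the poster sees used for remote callers. The function name audit and the <datasources>/<policy> wrapper elements are assumptions; the sample XML is constructed from the fragments quoted in the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample input, mirroring the two fragments quoted in the post.
DS_XML = """<datasources><local-tx-datasource>
  <jndi-name>jdbc/tcAimsIIDB</jndi-name>
  <user-name>web_user</user-name>
  <password>web_user_pass</password>
  <security-domain>SybaseDbRealm</security-domain>
</local-tx-datasource></datasources>"""

LOGIN_CONFIG_XML = """<policy><application-policy name="SybaseDbRealm">
  <login-module code="TisCallerIdentityLoginModule" flag="required">
    <module-option name="userName">web_user</module-option>
    <module-option name="password">web_user_pass</module-option>
    <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=jdbc/tcAimsIIDB</module-option>
  </login-module>
</application-policy></policy>"""

def audit(ds_xml, login_xml):
    """Return findings about datasource-to-security-domain wiring."""
    findings = []
    policies = {p.get("name"): p for p in ET.fromstring(login_xml).iter("application-policy")}
    for ds in ET.fromstring(ds_xml).iter("local-tx-datasource"):
        jndi = (ds.findtext("jndi-name") or "").strip()
        domain = (ds.findtext("security-domain") or "").strip()
        if ds.findtext("password"):
            findings.append(f"{jndi}: plaintext password in datasource file")
        if not domain:
            continue  # no security-domain, nothing to cross-check
        policy = policies.get(domain)
        if policy is None:
            findings.append(f"{jndi}: security-domain '{domain}' has no application-policy")
            continue
        for mod in policy.iter("login-module"):
            opts = {o.get("name"): (o.text or "").strip() for o in mod.iter("module-option")}
            mcf = opts.get("managedConnectionFactoryName", "")
            # Split the JMX object name into key properties (order-independent).
            props = dict(kv.split("=", 1) for kv in mcf.partition(":")[2].split(",") if "=" in kv)
            if props.get("name") != jndi:
                findings.append(f"{jndi}: managedConnectionFactoryName '{mcf}' does not name this datasource")
            if opts.get("userName"):
                findings.append(f"{jndi}: default DB login '{opts['userName']}' configured in {domain}")
            if opts.get("password"):
                findings.append(f"{jndi}: plaintext default password in {domain}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(DS_XML, LOGIN_CONFIG_XML)))
```
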