1 Reply Latest reply on Feb 10, 2006 8:08 AM by chris griffith

    ejb3, client.java, and JAAS

    darren hartford Expert

      Hey all,
      First, I'm referencing this document as it seems to be the most recent: http://wiki.jboss.org/wiki/Wiki.jsp?page=Ejb3TransactionAndSecurity

      I have a client.java remotely talking to a secured EJB3 business bean, yay!

      The problem however is exactly as stated in the above document -

      JBoss recommends using JAAS for more portable applicatons.

      I'm assuming that using the proprietary SecurityAssociation does not promote JAAS-style-portability, nor does entering the PRINCIPAL and CREDENTIALS manually into a Property object for the IntialContext seem like a good idea.

      My use-case will be an Eclipse RCP thick client - my preference would be JAAS versus copying the Principal/Credential String values for use in InitialContext.

      So, where can one find an example of using JAAS in a remote client talking to a secured EJB3 business bean?


        • 1. Re: ejb3, client.java, and JAAS
          chris griffith Expert

          Chapter 8 of the jboss server guide does a good job of explaining how to set up a security domain for a client. So read that first. To paraphrase, you will perform a JAAS login in you client application. The last LoginModule in you stack should be the org.jboss.security.ClientLoginModule. This will set the SecurityAssociation for you. This is better than directly accessing the SecurityAssociation in case the API changes.

          If this does not solve your problem, let me know,