I'm using jboss-4.0.3SP1.
How do I configure a secure JNDI lookup?
This is not explained in the SecureJBoss trail.
That is, how to specify a username and password in the InitialContext properties
and JBoss returns the looked-up JNDI resource [e.g. an EJB] with the given security credentials.
If we don't do this, can anyone just hack the JNDI lookup? Or is there a different alternative to secure the JNDI lookup?
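import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;

Properties properties = new Properties();
// ...
// ...
// The user name goes in SECURITY_PRINCIPAL, the password in SECURITY_CREDENTIALS
properties.put(Context.SECURITY_PRINCIPAL, username);
properties.put(Context.SECURITY_CREDENTIALS, password);
InitialContext ctx = new InitialContext(properties);
ctx.lookup(something);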
Please refer to http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch3.chapter.html. There is an org.jboss.security.jndi.LoginInitialContextFactory, and you could also try to use HTTPS to access the initial context.
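
A sketch of the LoginInitialContextFactory setup the answer points to, added here as an example and not taken from the thread or from JBoss's own code. The provider URL, the JNDI name `ejb/ExampleBean`, the environment variable names and the JAAS entry name `client-login` (assumed to run org.jboss.security.ClientLoginModule in the client's login configuration) are assumptions; the JBoss client jars must be on the classpath.

```java
import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

public class SecureLookupExample {

    // Builds the JNDI environment for LoginInitialContextFactory, which runs a
    // JAAS login with the given principal and credentials when the
    // InitialContext is created.
    static Properties buildEnv(String providerUrl, String username, String password) {
        Properties env = new Properties();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "org.jboss.security.jndi.LoginInitialContextFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        // Name of the JAAS login configuration entry to use (assumed name).
        env.put(Context.SECURITY_PROTOCOL, "client-login");
        env.put(Context.SECURITY_PRINCIPAL, username);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    public static void main(String[] args) throws NamingException {
        // Credentials come from the environment rather than the source code
        // (hypothetical variable names; System.getenv needs Java 5 or later).
        String user = System.getenv("JBOSS_USER");
        String pass = System.getenv("JBOSS_PASSWORD");
        if (user == null || pass == null) {
            throw new IllegalStateException("set JBOSS_USER and JBOSS_PASSWORD");
        }
        // jnp:// is not encrypted; the HTTPS suggestion in the answer above
        // addresses the transport.
        Context ctx = new InitialContext(buildEnv("jnp://localhost:1099", user, pass));
        try {
            Object ref = ctx.lookup("ejb/ExampleBean"); // placeholder JNDI name
            System.out.println("Looked up: " + ref.getClass().getName());
        } finally {
            ctx.close();
        }
    }
}
```

Start the client with `-Djava.security.auth.login.config=<path to the login configuration file>` so that the `client-login` entry can be found.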