2 Replies Latest reply on Aug 11, 2006 1:40 PM by A D

    Problems with my security proxy

    A D Newbie

      Hi to everybody, I'm practically newbie in JBoss and EJB deployment so I hope this doesn't sound stupid...

      The client perform a JAAS login to establish the principal and credentials for authentication in the server. The LoginModule used in client is ClientLoginModule. After a sucessful "login" it obtains teh home interface of a stateless session bean and calls to create method.

      In the server it is a security proxy configured to protect this bean so when create method is called, first setEJB methos of the proxy is called and then invokeHome. My problem is that I want to retrieve the principal and the password obtained in the client through the context but this seem to be null.
      How can i get the values of the principal and credential?

      Thanks for all.

        • 1. Re: Problems with my security proxy
          chris griffith Expert


          The ClientLoginModule does not have any authentication logic, so if that is your only login module, then you are not authenticating.


          • 2. Re: Problems with my security proxy
            A D Newbie

            hi j2ee_junkie,

            I know ClientLofinModules hasn't any authenticacton logic, I'm following what it's said in this document, point 8.4.1:


            Login client side has done sucessfully and after doing lc.login() () if I put this line lc.getSubject().getPrincipals() I get as principal the name I have filled in the username field.
            In the second step it is said that if i obtain the EJB home interface and create a bean, this results in a home interface method invocation being sent to the JBoss server. The invocation includes the method arguments passed by the client along with the user identity and credentials from the client-side JAAS login performed in step 1.
            To invoke create method calls first setEJBContext (EJBContext ctx) but ctx is null and then invokeHome method. If i want to do an authentication in the server side I need to know the principal and the credential obtained in first step. How can i get the principal obtained in the first step in security proxy without sending them as parameters when i invoke create method if ctx is null in sec proxy?