2 Replies Latest reply on Aug 11, 2006 1:40 PM by A D

    Problems with my security proxy

    A D Newbie

      Hi to everybody, I'm practically newbie in JBoss and EJB deployment so I hope this doesn't sound stupid...

      The client perform a JAAS login to establish the principal and credentials for authentication in the server. The LoginModule used in client is ClientLoginModule. After a sucessful "login" it obtains teh home interface of a stateless session bean and calls to create method.

      In the server it is a security proxy configured to protect this bean so when create method is called, first setEJB methos of the proxy is called and then invokeHome. My problem is that I want to retrieve the principal and the password obtained in the client through the context but this seem to be null.
      How can i get the values of the principal and credential?

      Thanks for all.

        • 1. Re: Problems with my security proxy
          chris griffith Expert

          fosodquez,

          The ClientLoginModule does not have any authentication logic, so if that is your only login module, then you are not authenticating.

          cgriffith

          • 2. Re: Problems with my security proxy
            A D Newbie

            hi j2ee_junkie,

            I know ClientLofinModules hasn't any authenticacton logic, I'm following what it's said in this document, point 8.4.1:

            http://docs.jboss.org/jbossas/jboss4guide/r2/html/ch8.chapter.html

            Login client side has done sucessfully and after doing lc.login() () if I put this line lc.getSubject().getPrincipals() I get as principal the name I have filled in the username field.
            In the second step it is said that if i obtain the EJB home interface and create a bean, this results in a home interface method invocation being sent to the JBoss server. The invocation includes the method arguments passed by the client along with the user identity and credentials from the client-side JAAS login performed in step 1.
            To invoke create method calls first setEJBContext (EJBContext ctx) but ctx is null and then invokeHome method. If i want to do an authentication in the server side I need to know the principal and the credential obtained in first step. How can i get the principal obtained in the first step in security proxy without sending them as parameters when i invoke create method if ctx is null in sec proxy?

            Thanks