0 Replies Latest reply on Jan 26, 2007 4:42 AM by changemylife

    Using JAAS authentication with JBoss !! Please help me !!!!

    changemylife Newbie

      Dear All !

      I am beginner with JBoss. I were read some article about Using Jaas authentication with JBoss. But I have some difficults about using JAAS with JBoss.

      I have a file config: "client.config" with content:

      helloDomain {
      auth.client.MyLoginModule required debug=false;
      org.jboss.security.ClientLoginModule required;
      };

      and a file policy: "client.policy" with content:

      grant codebase "file:./-" {
      permission javax.security.auth.AuthPermission "modifyPrincipals";
      permission javax.security.auth.AuthPermission
      "createLoginContext.helloDomain";
      };

      On the Client side, I do:

      I write a MyLoginModule to authenticate a user (MyLoginModule implements javax.security.auth.spi.LoginModule) and it always return true.
      In my main(), I write:
      --------------
      ...
      LoginContext lc = new LoginContext("helloDomain", new CustomCallbackHandler());
      lc.login();

      Properties env = new Properties();
      env.put(Context.PROVIDER_URL,"violon:1099");
      env.put(Context.SECURITY_PRINCIPAL, SecurityAssociation.getPrincipal());
      env.put(Context.SECURITY_CREDENTIALS, SecurityAssociation.getCredential());
      env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
      -----------------
      But when I complie, I have two problem :
      1. I must enter username and password twice. So, in client.config I must delete the line: "org.jboss.security.ClientLoginModule required;" ?
      2. I not allow read SecurityAssociation...

      On the Server side, I do :

      I have a bean called "HelloBean". The HelloBean's remote interface defines two methods, printA() and printB().
      -------------
      @Stateless
      public class HelloBean implements Hello {
      public String printA() {
      System.out.println("This is person A");
      return "Hello A !!! ";
      }
      public String printB() {
      System.out.println("This is person B");
      return "Hello B";
      }
      }
      ---------------
      I write a file ejb-jar.xml with contents:
      ---------------
      <?xml version="1.0" encoding="UTF-8"?>
      <ejb-jar>
      <enterprise-beans>
      <assembly-descriptor>
      <Security-role>
      <role-name>RoleA</role-name>
      </Security-role>

      <Security-role>
      <role-name>RoleB</role-name>
      </Security-role>

      <method-permission>
      <role-name>RoleA</role-name>

      <ejb-name>Hello</ejb-name>
      <method-name>printA</method-name>

      </method-permission>

      <method-permission>
      <role-name>RoleB</role-name>

      <ejb-name>Hello</ejb-name>
      <method-name>printB</method-name>

      </method-permission>

      </assembly-descriptor>
      </enterprise-beans>
      </ejb-jar>
      -------------------
      and a file jboss.xml :
      ------------------
      <?xml version="1.0" encoding="UTF-8"?>

      <security-domain>helloDomain</security-domain>

      ------------------
      and I write class CustomServerLoginModule (extends AbstractServerLoginModule)

      ------------------
      private Principal identity;
      public boolean login() throws LoginException {
      identity = org.jboss.security.SecurityAssociation.getPrincipal();
      if ( identity == null )
      {
      throw new LoginException( "The principal was not found in the SecurityAssociation." );
      }
      loginOk = true;
      return true;
      }
      @Override
      protected Principal getIdentity() {
      return identity;
      }
      @Override
      protected Group[] getRoleSets() throws LoginException {
      Group rolesGroup = new SimpleGroup( "Roles" );
      rolesGroup.addMember(new SimplePrincipal("RoleA"));
      rolesGroup.addMember(new SimplePrincipal("RoleB"));
      return new Group[]{ rolesGroup };
      }
      ------------------
      I package my HelloBean with two file ejb-jar.xml and jboss.xml. So, anything that I missing ? My class CustomServerLoginModule I must which place ?

      I hope your help to solve my problems.

      Sorry because my E is not good ! Thanks you.