Using JAAS authentication with JBoss !! Please help me !!!!
violon Jan 26, 2007 4:42 AM
Dear All!
I am a beginner with JBoss. I have read some articles about using JAAS authentication with JBoss, but I have some difficulties using JAAS with JBoss.
I have a config file, "client.config", with this content:
helloDomain {
    auth.client.MyLoginModule required debug=false;
    org.jboss.security.ClientLoginModule required;
};
and a policy file, "client.policy", with this content:
grant codebase "file:./-" {
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    permission javax.security.auth.AuthPermission "createLoginContext.helloDomain";
};
On the client side, I do the following:
I wrote a MyLoginModule to authenticate a user (MyLoginModule implements javax.security.auth.spi.LoginModule) and it always returns true.
In my main(), I write:
--------------
...
LoginContext lc = new LoginContext("helloDomain", new CustomCallbackHandler());
lc.login();
Properties env = new Properties();
env.put(Context.PROVIDER_URL,"violon:1099");
env.put(Context.SECURITY_PRINCIPAL, SecurityAssociation.getPrincipal());
env.put(Context.SECURITY_CREDENTIALS, SecurityAssociation.getCredential());
env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
-----------------
But when I compile, I have two problems:
1. I must enter the username and password twice. So, in client.config, must I delete the line "org.jboss.security.ClientLoginModule required;"?
2. I am not allowed to read SecurityAssociation...
On the server side, I do the following:
I have a bean called "HelloBean". The HelloBean's remote interface defines two methods, printA() and printB().
-------------
@Stateless
public class HelloBean implements Hello {
    public String printA() {
        System.out.println("This is person A");
        return "Hello A !!! ";
    }
    public String printB() {
        System.out.println("This is person B");
        return "Hello B";
    }
}
---------------
I wrote an ejb-jar.xml file with these contents:
---------------
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar>
  <enterprise-beans>
    <assembly-descriptor>
      <Security-role>
        <role-name>RoleA</role-name>
      </Security-role>
      <Security-role>
        <role-name>RoleB</role-name>
      </Security-role>
      <method-permission>
        <role-name>RoleA</role-name>
        <ejb-name>Hello</ejb-name>
        <method-name>printA</method-name>
      </method-permission>
      <method-permission>
        <role-name>RoleB</role-name>
        <ejb-name>Hello</ejb-name>
        <method-name>printB</method-name>
      </method-permission>
    </assembly-descriptor>
  </enterprise-beans>
</ejb-jar>
-------------------
and a jboss.xml file:
------------------
<?xml version="1.0" encoding="UTF-8"?>
<security-domain>helloDomain</security-domain>
------------------
and I wrote a class CustomServerLoginModule (extends AbstractServerLoginModule):
------------------
private Principal identity;

public boolean login() throws LoginException {
    identity = org.jboss.security.SecurityAssociation.getPrincipal();
    if ( identity == null )
    {
        throw new LoginException( "The principal was not found in the SecurityAssociation." );
    }
    loginOk = true;
    return true;
}

@Override
protected Principal getIdentity() {
    return identity;
}

@Override
protected Group[] getRoleSets() throws LoginException {
    Group rolesGroup = new SimpleGroup( "Roles" );
    rolesGroup.addMember(new SimplePrincipal("RoleA"));
    rolesGroup.addMember(new SimplePrincipal("RoleB"));
    return new Group[]{ rolesGroup };
}
------------------
I package my HelloBean with the two files ejb-jar.xml and jboss.xml. So, is there anything that I am missing? Where must I place my CustomServerLoginModule class?
I hope you can help me solve my problems.
Sorry that my English is not good! Thank you.
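
The server module in the post accepts any principal found in SecurityAssociation and grants both RoleA and RoleB. For contrast, here is an added example (not part of the original post and not JBoss's own code) of a module that checks the password first and grants one role per user. The class name, package, accounts and passwords are constructed for illustration, and it assumes the JBossSX classes shipped with JBoss 4.x are on the classpath.

```java
package auth.server; // hypothetical package, not from the post

import java.security.acl.Group;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

/**
 * Server-side login module that verifies the caller's password and grants
 * only the role assigned to that user.
 */
public class VerifyingServerLoginModule extends UsernamePasswordLoginModule {

    // Constructed sample accounts: user name -> { password, role }.
    // A real module would query a credential store holding hashed passwords.
    private static final Map<String, String[]> USERS = new HashMap<String, String[]>();
    static {
        USERS.put("alice", new String[] { "alice-secret", "RoleA" });
        USERS.put("bob", new String[] { "bob-secret", "RoleB" });
    }

    /** Expected password for the presented user name; the superclass
     *  compares it with the password supplied by the caller. */
    @Override
    protected String getUsersPassword() throws LoginException {
        return lookup()[0];
    }

    /** Called after a successful login; grants only this user's own role. */
    @Override
    protected Group[] getRoleSets() throws LoginException {
        Group roles = new SimpleGroup("Roles");
        roles.addMember(new SimplePrincipal(lookup()[1]));
        return new Group[] { roles };
    }

    /** Fails the login for user names that are not in the account table. */
    private String[] lookup() throws LoginException {
        String[] account = USERS.get(getUsername());
        if (account == null) {
            throw new FailedLoginException("Unknown user");
        }
        return account;
    }
}
```

On JBoss 4.x a module like this is packaged where the server class loader can see it and registered under an `application-policy` named `helloDomain` in the server configuration's `conf/login-config.xml`.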