3 Replies Latest reply on Jul 12, 2008 1:56 PM by Sebastien Degardin

    EJB3 Remote Security propagation

    Sebastien Degardin Newbie

      Hi,

      I'm trying to set up security for my EJB3 applications.
      I have a first JBoss Server with EJB3 calling remote EJB3 on another server.

      How does it work for security? Is there a way of propagating the principal from one server to the others, like we do for transactions?

      I'm trying to find out what are the options for that.

      Tks.

        • 1. Re: EJB3 Remote Security propagation
          Sebastien Degardin Newbie

          I've been reading JBoss (4.2.2) config guide and obviously we can use either JNDI params to send the authentication or we can use ClientLoginModule.


          Is there a way of defining a "Global" security "domain" which would manage the propagation of the subject across JBoss servers?

          That would be nice in our case because JBoss clients keep remote stateless proxies to avoid lookup delay every time they call a remote EJB.

          Hope someone could give me some info.

          Cheers,
          Sebastien

          • 2. Re: EJB3 Remote Security propagation
            Ragav Gomatam Novice

            If there are 2 separate JBoss instances, I believe that you use JNDI params to send authentication. But for a Global Security domain, I am not sure. I believe you should have a federated Naming Context which spreads across clustered installations. I don't know if JBoss supports distributed naming contexts.

            • 3. Re: EJB3 Remote Security propagation
              Sebastien Degardin Newbie

              Thank you very much.

              The goal was not to re-login when we access those remote services.
              But I don't think there is an easy solution for that.

              For info, since the remote layer is completely private and not accessible outside our private network, I don't see any problem with not using security restrictions.

              Of course, for public services (Web, WS, and so on), we are going to use a strong security model.

              Thanks.