You need to do a login a JAAS login
public void onMessage(Message message)
LoginContext context = new LoginContext("client-login", handler);
// Do work
The handler is just a jaas callback handler
e.g. you could use
UsernamePasswordCallbackHander h = new UsernamePasswordCallbackHander(user, password.toCharArray())
You could easily make this an interceptor and add
it to your MDB.
NOTE: This does no authentication. It just
attaches the user and password to the thread.
Any secured EJBs will authenticate and authorise
thanks for the reply. I tried that under JBoss 2.4.4 and it does not work. I see our LoginModule get invoked, but a call to getCallerPrincipal in the EJB returns 'nobody'
We cant use a newer JBoss because of how slowly they compile JSPs on the fly.
AFAIK "client-login" wasn't configured on 2.4.4
You can do the same thing as the JAAS login
by using the SecurityAssociation class directly
(this should help you to debug the JAAS config)
WEB-STUFF: I'm no expert but...
Checkout 3.2, it has Jasper2 which is supposed
to be a lot faster.
Have you tried unpacked war deployments?
With this method you only have to recompile
the changed jsps as you change them not the
'client-login' is in 2.4.4 and it appears to work. I was using my custom LoginModule name before.
What is the difference though? Do subsequent calls use my custom LoginModule to authenticate that user name and password assigned to the Thread by client-login?
If your custom login module is on the called ejbs
then yes it will check the principal/credential
assigned to the thread by the "client-login".
thanks for your replies Adrian.
what is special about 'client-login'? Shouldn't a call to what i have configured in 'my-login' work the same way?
Well, now i am going to have to get this to work in Weblogic which is going to take some time due to all their 'value-add' garbage.
The user and credential in the jndi context
is only used during the lookup.