1 Reply Latest reply on May 21, 2003 5:35 AM by kep

    Jboss clientLoginModule cycle

    kep

      I am using JBoss 2.4.10 and have read about
      JAAS authentication and so forth.

      I have configured the sample client with
      auth.conf set up externally and inside Java,
      with

          System.setProperty("java.security.auth.login.config", "auth.conf");
          AppCallbackHandler handler = new AppCallbackHandler("test", "test");
          LoginContext lc = new LoginContext("my-client", handler);

      all set up.

      JBoss allows me to log in successfully at all times.

      I output the login user/password param through the callback method with no problem.
      But practically, how do I make sure that those users not in the "list" can't log in to use my EJB?
      I can't find the match of users.properties and roles.properties with the LoginContext above.

      Anyone? BTW, thank you.

      Regards,
      Pete

        • 1. Re: Jboss clientLoginModule cycle
          kep

          I have made JAAS authentication work with JBoss 2.4.10 by checking the user's principal against users.properties / roles.properties / my-client.properties.

          My EJB's META-INF jboss.xml file contains the following:


          <security-domain>java:/jaas/@security-domain@</security-domain>
          <enterprise-beans>
          ..
          ..

          It works only if I deploy the EJB directly into the deploy folder. When I log in with an invalid user ID or password, the JBoss server raises a SecurityException error.

          BUT if I start JBoss from the command prompt with the previous EJB already loaded in the deploy folder, then
          JBoss no longer authenticates against the user ID and password; even a wrong ID and/or password allows the client to invoke the bean. Why?

          Regards,
          Pete