Good day to All,
I'm relatively new to J2EE. I've already developed a number of EJBs and pages and now I'm trying to implement security to control access to EJBs.
I've read all possible manuals I found on the net, but still there are some questions not quite clear to me...
Everything is deployed into the single EAR archive and inside the JSP code I access my EJB in the following manner:
LoginContext lc = new LoginContext("MyAuthDomain", new myCallback("login","pass"));
// At this point everything is perfect, I can retrieve the subject by lc.getSubject() and see that authentication was OK, i.e. Roles are populated properly, principal is the right one.
// But then I create my EJB by
// This raises an exception:
// EJBException:; nested exception is:
// CausedByException is: Authentication exception, principal=null
The create() method of EJB is marked as in ejb-jar.xml, <method-permission> tag.
What else I did:
1) Configured [server]/default/config/login-config.xml (specified the security-policy "MyAuthDomain" mentioned in new LoginContext())
2) In ejb-jar.xml I created <assembly-descriptor> section where I list roles and grant method permissions to them
3) In jboss.xml I created the <security-domain> entry linking the EJB to MyAuthDomain entry in login-config.xml.
4) I also created an auth.conf file in [server]/default/conf with a MyAuthDomain section like:
(but JSP passes authentication even without it)
When I switch on the declarative authentication for this JSP in its deployment descriptors (and remove all the authentication code from its text), everything works perfectly. So, it doesn't work only when I try to perform authentication programmatically. I obviously missed something in configuration.
Please help me find it or give me a URL where I can read about it in detail.
At least, do I understand right that between lc.login() and lc.logout() my code can call the EJB in its usual manner like myEJB.getData() and I shouldn't wrap these calls in something like executeAsPrivilegedUser(..., subject)?
Many thanks in advance!