[jboss-dev-forums] [JBoss AS 7 Development] - JBoss 7 and Ejb remote call with security
andrei povodyrev
do-not-reply at jboss.com
Thu Mar 15 16:22:22 EDT 2012
andrei povodyrev [https://community.jboss.org/people/apovodyrev] commented on the document
"JBoss 7 and Ejb remote call with security"
To view all comments on this document, visit: https://community.jboss.org/docs/DOC-17581#comment-9369
--------------------------------------------------
Seems like all remote calls have to be authenticated by remoting-connector.
Application login module must have <module-option name="password-stacking" value="useFirstPass"/> to piggy back on cached Principal/Credentials
If security realm (ApplicationRealm by default) is removed from remoting-connector, there is no way to authenticate ejb remote call.
Tried multiple approaches
1)
jndiProperties.put(InitialContext.SECURITY_PRINCIPAL, "user");
jndiProperties.put(InitialContext.SECURITY_CREDENTIALS, "pass");
2)
org.jboss.security.client.SecurityClient
3)
org.jboss.security.auth.callback.AppCallbackHandler
User credential set by above means do not get to java ee security context and random UUID values are used on server, or $local if
setting SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER not used
Seems like a mess. If you have multiple apps on the same server with own security, maintaining acces to then with remote client is going to be nightmare.
--------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20120315/e7f8e9d5/attachment.html
More information about the jboss-dev-forums
mailing list