[jboss-user] [Security & JAAS/JBoss] - EJB3: How to access @Stateless EJBs from custom LoginModule?

baeurlem do-not-reply at jboss.com
Thu Jan 17 05:37:49 EST 2008 

Hi,

I have a JBoss 4.2.2.GA WebService application, where the WebServices should be secured.
So I wrote a custom LoginModule for JBoss 4.2.2.GA which extends the org.jboss.security.auth.spi.UsernamePasswordLoginModule. I defined an <application-policy> in the login-config.xml and I use the @SecurityDomain annotation for the secured @WebService beans

So far so good: My LoginModule is called correctly.

Inside the LoginModule I want to call a local @Stateless bean which provides methods to retrieve the user/roles via Hibernate from the database.

But how to access this bean? 

I tried the @EJB annotation => no success
I tried a lookup via JNDI => no success (NameNotFoundException)

MyLoginModule:


  | public class MyLoginModule extends UsernamePasswordLoginModule
  | {
  | 	private MyAuthenticationService	myAuthenticationService;
  | 
  | 	@Override
  | 	public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
  | 	{
  | 		super.initialize(subject, callbackHandler, sharedState, options);
  | 		try {
  | 			Context jndiContext = new InitialContext();
  | 			this.myAuthenticationService = (MyAuthenticationService) jndiContext.lookup("java:comp/env/ejb/MyAuthenticationServiceImpl"); // does not work (ejb not bound)
  |                 // does not work: I tried all name combinations
  |                 // jndiContext.lookup("java:comp.ejb3/env/ejb/MyAuthenticationServiceImpl") => does not work (ejb not bound)
  |                 // jndiContext.lookup("ejb/MyAuthenticationServiceImpl") => does not work (ejb not bound)
  |                 // jndiContext.lookup("MyAuthenticationServiceImpl") => does not work (MyAuthenticationServiceImpl not bound)
  | 		}
  | 		catch (NamingException ex) {
  | 			// TODO Auto-generated catch block
  | 			ex.printStackTrace();
  | 		}
  | 	}
  | 
  | 	@Override
  | 	protected Principal createIdentity(String username) throws Exception
  | 	{
  | 		MyUser user = this.myAuthenticationService.retrieveUserByLoginName(username);
  | 		return user;
  | 	}
  | 
  | 	@Override
  | 	protected String getUsersPassword() throws LoginException
  | 	{
  | 		MyUser myUser = (MyUser) this.getIdentity();
  | 		return myUser.getPassword();
  | 	}
  | 
  | 	@Override
  | 	protected Group[] getRoleSets() throws LoginException
  | 	{
  | 		Group roles = new SimpleGroup("Roles"); // "Roles" is the expected GroupName for the roles
  | 
  | 		for (Principal role : ((MyUser) this.getIdentity()).getRoles()) {
  | 			roles.addMember(role);
  | 		}
  | 
  | 		return new Group[] { roles };
  | 	}
  | 
  | 	@EJB // has no effect
  | 	public void setMyAuthenticationService(MyAuthenticationService myAuthenticationService)
  | 	{
  | 		this.myAuthenticationService = myAuthenticationService;
  | 	}
  | 
  | }
  | 
  | 

MyAuthenticationServiceImpl:


  | @Stateless
  | public class MyAuthenticationServiceImpl implements MyAuthenticationService
  | {
  | 
  |         // ...
  | 
  | 	public MyUser retrieveUserByLoginName(String loginName) throws LoginException
  | 	{
  |             // here the DAO is called which uses the EntityManager
  | 	}
  | 
  |         // ...
  | 	
  | }
  | 

MyAuthenticationService:


  | public interface JaasService
  | {
  |         // ...
  | 	public MyUser retrieveUserByLoginName(String loginName) throws LoginException;
  |         // ...
  | }
  | 

What is wrong?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4120785#4120785

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4120785

More information about the jboss-user mailing list