[jboss-user] [EJB 3.0] - Re: Invalid User on EJB authentication (JBoss 5 CR2)

javidjamae do-not-reply at jboss.com
Wed Oct 15 10:40:17 EDT 2008


Yes, this was definitely working in JBoss 4.x and in the JBoss 5 Beta releases. AFAIK, all the ClientLoginModule does is set the SecurityAssociation principal and Credential. 

For example, "8.5.3.10. ClientLoginModule" in the JBoss 4 guide says:

anonymous wrote : The ClientLoginModule is an implementation of LoginModule  for use by JBoss clients for the establishment of the caller identity and credentials. This simply sets the org.jboss.security.SecurityAssociation.principal to the value of the NameCallback filled in by the callbackhandler, and the org.jboss.security.SecurityAssociation.credential to the value of the PasswordCallback filled in by the callbackhandler. This is the only supported mechanism for a client to establish the current thread's caller. Both stand-alone client applications and server environments, acting as JBoss EJB clients where the security environment has not been configured to use JBossSX transparently, need to use the ClientLoginModule. Of course, you could always set the org.jboss.security.SecurityAssociation information directly, but this is considered an internal API that is subject to change without notice.

I'll try again using JAAS to see if there is any difference.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4182427#4182427

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4182427



More information about the jboss-user mailing list