[jboss-user] [Security & JAAS/JBoss] - Re: Using SecurityClient
rbattenfeld
do-not-reply at jboss.com
Tue Jun 9 09:48:27 EDT 2009
Hi Wolfgang and Anil
Thank you for your replies. I changed the client login as mentioned in the thread:
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=144865]
Unfortunately, it didn't solve the problem. May the problem is related to how my custom login module passes the roles back to the JAAS framework. According this blog:
http://stuffthathappens.com/blog/2008/05/16/writing-a-custom-jaas-loginmodule/]
the way of passing roles are JBoss specific. May I have to pass it differently when using standard JAAS client login without the SecurityClient.
The code is:
| if (!subject.getPrincipals().contains(user))
| {
| subject.getPrincipals().add(user);
|
| /**
| * this is the important part to work with JBoss:
| * jboss requires the name 'Roles'
| */
| SimpleGroup group = new SimpleGroup("Roles");
| for (SimplePrincipal role : roles)
| {
| group.addMember(role);
| }
|
| subject.getPrincipals().add(group);
| }
|
The login itself works fine. The security exception is thrown when the client invokes a method from the session bean.
Regards,
Ralf
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4236388#4236388
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4236388
More information about the jboss-user
mailing list