[Design of JBoss Remoting, Unified Invokers] - Re: http-invoker and authentication info
by dsengupt
The problem, as I discovered later, was that during ejb invocations over http, the SecurityContext did not possess the user credentials. The default JMXInvokerServlet does not set up the security context in the marshalled invocation and hence the security interceptor on the server side of the ejb cannot determine authentication info. I solved it by setting up 2 things - firstly a filter that extracts username/password (set during login) from the httpsession and performs a jaas login (this sets up the SecurityAssociation for this thread). Secondly, instead of posting to the default JMXInvokerServlet, I post to a custom servlet that in addition to doing what JMXInvokerServlet does also gets the principal and credentials from the SecurityAssociation and sets it to the marshalled invocation (marshalled invocation is available from the http servlet request). Hope this helps.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4047972#4047972
[Design of Security on JBoss] - Re: SASL Authentication
by mikezzz
There are 2 issues that I can see with implementing it in this manner.
1. SASL doesn't use a standard set of credentials, it uses a challenge/response mechanism. So I guess that the credential Object would have to be some kind of interface allowing a callback. Not impossible, but requires a messy cast, and how this interacts with a JAAS LoginContext/CallbackHandler is not clear to me.
2. The Java SASL implementation requires that you pass the user's expected password into the SASL engine during the authentication process. This means I need to call the protected getUsersPassword() method from the UsernamePasswordLoginModule. The only way to access this method (in a non-evil manner) is to make the functionality part of that class hierarchy.
Mike.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4047926#4047926
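The two points in the SASL post above, shown with the JDK's own `javax.security.sasl` API as an added example (not code from the post or from JBoss): the server-side `CallbackHandler` must hand the expected password to the SASL engine, and the client never sends a credential object, only a response to a challenge. CRAM-MD5 is an assumed mechanism chosen for its short exchange, since the post names none; `STORE`, the user `alice` and the protocol name `demo` are constructed placeholders, and the code assumes Java 16 or later.

```java
import javax.security.auth.callback.*;
import javax.security.sasl.*;
import java.util.Map;

public class SaslPasswordDemo {
    // Constructed sample store; a hypothetical stand-in for whatever getUsersPassword() reads.
    static final Map<String, String> STORE = Map.of("alice", "s3cret-sample");

    // Server side: the SASL engine asks for the *expected* password through a callback.
    static CallbackHandler serverHandler() {
        return callbacks -> {
            String user = null;
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback nc) user = nc.getDefaultName();
                else if (cb instanceof PasswordCallback pc) {
                    String pw = (user == null) ? null : STORE.get(user);
                    if (pw != null) pc.setPassword(pw.toCharArray()); // unknown user: left unset
                } else if (cb instanceof AuthorizeCallback ac)
                    ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
                else throw new UnsupportedCallbackException(cb);
            }
        };
    }

    // Client side: supplies the name and password the user typed.
    static CallbackHandler clientHandler(String user, String password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback nc) nc.setName(user);
                else if (cb instanceof PasswordCallback pc) pc.setPassword(password.toCharArray());
                else throw new UnsupportedCallbackException(cb);
            }
        };
    }

    // Runs the whole challenge/response exchange in-process; true only if the server accepts.
    static boolean authenticate(String user, String password) throws SaslException {
        SaslServer server = Sasl.createSaslServer("CRAM-MD5", "demo", "localhost", null, serverHandler());
        SaslClient client = Sasl.createSaslClient(new String[] {"CRAM-MD5"}, null, "demo",
                "localhost", null, clientHandler(user, password));
        try {
            byte[] challenge = server.evaluateResponse(new byte[0]); // server issues the challenge
            byte[] response = client.evaluateChallenge(challenge);   // keyed digest, not the password
            server.evaluateResponse(response);                        // recomputed from the expected password
            return server.isComplete();
        } catch (SaslException e) {
            return false; // digest mismatch or unknown user
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(authenticate("alice", "s3cret-sample") + " " + authenticate("alice", "wrong"));
    }
}
```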