[PicketBox Development] - Re: LoginModule defined with cached=true, but called between web and ejb container
2:37 p.m.
Darran Lofthouse [https://community.jboss.org/people/dlofthouse] created the discussion
"Re: LoginModule defined with cached=true, but called between web and ejb
container"
To view the discussion, visit: https://community.jboss.org/message/649453#649453
--------------------------------------------------------------
The reason for the second call is that between the authentication in the web tier and the
call to the EJB the username and password could have been set in code to run as a
different authenticated user, the switch to use the SecurityDomainContext will cause thise
second call to use the same cache as the first call so no second authentication will
actually occur and the identity will remain the same - should a username and password be
set then the identity will be switched to the new identity, this is also implemented as a
stack so as the call returns the state of the stack is restored to the state it was when
the call arrived at the EJB.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/649453#649453]
Start a new discussion in PicketBox Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
8:29 a.m.
Daniel Straub [https://community.jboss.org/people/dastraub] created the discussion
"Re: LoginModule defined with cached=true, but called between web and ejb
container"
To view the discussion, visit: https://community.jboss.org/message/714211#714211
--------------------------------------------------------------
Unitl you can find a solution, I patched the SimpleSecurityManager because of this problem
we are massive hindered during our development process. Each ejb-call forces a call to a
complex login module.
I changed the methode SimpleSecurityManager.establishSecurityContext like this :
{code}
private static SecurityContext establishSecurityContext(final String securityDomain) {
// Do not use SecurityFactory.establishSecurityContext, its static init is
broken.
try {
final AuthenticationManager authenticationManager = new
JNDIBasedSecurityManagement().getAuthenticationManager(securityDomain);
final SecurityContext securityContext =
SecurityContextFactory.createSecurityContext(securityDomain);
if (authenticationManager != null) {
final ISecurityManagement delegate = securityContext.getSecurityManagement();
securityContext.setSecurityManagement(new ISecurityManagement() {
@Override
public MappingManager getMappingManager(String securityDomain) {
return delegate.getMappingManager(securityDomain);
}
@Override
public JSSESecurityDomain getJSSE(String securityDomain) {
return delegate.getJSSE(securityDomain);
}
@Override
public IdentityTrustManager getIdentityTrustManager(String securityDomain) {
return delegate.getIdentityTrustManager(securityDomain);
}
@Override
public AuthorizationManager getAuthorizationManager(String securityDomain) {
return delegate.getAuthorizationManager(securityDomain);
}
@Override
public AuthenticationManager getAuthenticationManager(String securityDomain) {
return authenticationManager;
}
@Override
public AuditManager getAuditManager(String securityDomain) {
return delegate.getAuditManager(securityDomain);
}
});
}
SecurityContextAssociation.setSecurityContext(securityContext);
return securityContext;
} catch (Exception e) {
throw new SecurityException(e);
}
}
{code}
Does not look good, but is a workaround for us.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/714211#714211]
Start a new discussion in PicketBox Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
4465
days inactive
4469
days old
jboss-dev-forums@lists.jboss.org
1 comments
2 participants
participants (2)
-
Daniel Straub -
Darran Lofthouse