Wolfgang Knauf [
http://community.jboss.org/people/WolfgangKnauf] replied to the
discussion
"JAAS + EJB3.0 + Jboss unable to propaogate"
To view the discussion, visit:
http://community.jboss.org/message/551439#551439
--------------------------------------------------------------
Hi,
I think you could use a simpler approach to your login module, as you need the standard
functionality of username + password plus an additional EJB access check.
So, your login module could be a subclass of e.g.
"org.jboss.security.auth.spi.DatabaseServerLoginModule" (source code e.g. here:
http://www.docjar.com/html/api/org/jboss/security/auth/spi/DatabaseServer...
http://www.docjar.com/html/api/org/jboss/security/auth/spi/DatabaseServer...
) , and you might add your own EJB access check to an override of
"getRoleSets":
@Override
protected Group[] getRoleSets() throws LoginException
{
String username = getUsername();
Group[] roleSets = super.getRoleSets();
//Try to access EJB here:
if ( ejbaccessFail)
{
roleSets = new Group[0];
}
return roleSets;
}
If the EJB access fails with a security exception, you could return an empty RoleSet.
Think about it, hopefully your security config will become much easier by this, and
hopefully error detection will be easier.
By the way: to configure your login module, you might use this approach, too (you need 5.1
for this):
http://server.dzone.com/articles/security-features-jboss-510
http://server.dzone.com/articles/security-features-jboss-510
Best regards
Wolfgang
--------------------------------------------------------------
Reply to this message by going to Community
[
http://community.jboss.org/message/551439#551439]
Start a new discussion in EJB 3.0 at Community
[
http://community.jboss.org/choose-container!input.jspa?contentType=1&...]