Permission issue in calling EJB from MDB
by valsaraj pv
Hi,
We have recently switched from JAAS to Keycloak. The application is a JavaEE
application with EJBs & MDBs.
We set the Keycloak login module in WildFly to propagate the user from web to EJB & it
worked.
But we are facing an issue when an EJB is called from an MDB. There is an anonymous user
in the MDB when a message is received, so that user doesn't have permission to invoke
an EJB protected by:
> <s:security>
> <ejb-name>*</ejb-name>
>
> <s:missing-method-permissions-deny-access>false</s:missing-method-permissions-deny-access>
> <s:security-domain>keycloak</s:security-domain>
> </s:security>
In the JAAS version, we have a programmatic login using a dedicated MDB user.
    // Programmatic JAAS login against the "ldap" login configuration
    loginContext = new LoginContext("ldap", new CallbackHandler() {
        @Override
        public void handle(Callback[] callbacks) {
            int len = callbacks.length;
            Callback cb;
            for (int i = 0; i < len; i++) {
                cb = callbacks[i];
                if (cb instanceof NameCallback) {
                    // Supply the dedicated MDB user's name
                    NameCallback ncb = (NameCallback) cb;
                    ncb.setName(mdbuserName);
                } else if (cb instanceof PasswordCallback) {
                    // Supply the dedicated MDB user's password
                    PasswordCallback pcb = (PasswordCallback) cb;
                    pcb.setPassword(mdbUsrPass);
                }
            }
        }
    });
    loginContext.login();
This has a user with the required permission. Since we have now moved to Keycloak, this
code will not work. What is the option to prevent the permission issue in
calling an EJB from an MDB?
Thanks!
6 years, 7 months
Programmatically login as a user
by valsaraj pv
Hi,
I have web application login via Keycloak working fine. But for
background processing like reading messages from a queue, we need to log in as
a dedicated queue user behind the scenes. For this we can't redirect to
the login page. Earlier it was done programmatically by using a JAAS login
context and passing the login module & credentials. Now when we switch to KC,
what is the appropriate model to do this?
Please advise!
Thanks!
6 years, 7 months