[jboss-user] [Security & JAAS/JBoss] - Re: Can't get access right from Java Client

jaikiran do-not-reply at jboss.com
Thu Sep 28 04:57:39 EDT 2006 

anonymous wrote : I was first using LoginInitialContextFactory. Does this module perform client-side authentication ?

As per the javadocs of LoginInitialContextFactory:

anonymous wrote : /** A naming provider InitialContextFactory implementation that combines the authentication phase
  |  * with the InitialContext creation. During the getInitialContext callback from the JNDI naming
  |  * layer a JAAS LoginContext is created using the login configuration name passed in as
  |  * the Context.SECURITY_PROTOCOL env property. The CallbackHandler used is a
  |  * org.jboss.security.auth.callback.UsernamePasswordHandler that is populated
  |  * with the username obtained from the Context.SECURITY_PRINCIPAL env property
  |  * and the credentials from the Context.SECURITY_CREDENTIALS env property.
  | */

In brief, the LoginIntialContextFactory uses the login module to which you passed through env.put(Context.SECURITY_PROTOCOL,...). In your case this happens to be:

env.put(Context.SECURITY_PROTOCOL,"CPIProject");

And your "CPIProject" points to the ClientLoginModule:

CPIProject {
  | 	org.jboss.security.ClientLoginModule required
  | 	password-stacking="useFirstPass"
  | 	;
  | };

As already mentioned the ClientLoginModule will just copy the login information and will not do any authentication.

anonymous wrote : If not, can you send me a piece of code that does perform client-side authentication ?

If you require authentication to be done, then the simplest one would be to use the UsersRolesLoginModule which authenticates using users.properties file and roles.properties file. So your "CPIProject" context will look like:

CPIProject {
  | org.jboss.security.auth.spi.UsersRolesLoginModule required;
  | };

Your properties file should be present in the classpath. Typically the users.properties file will contain something like:

#username=password
  | root=root
  | someotheruser=pass1

The roles.properties will contain the username and role mappings.


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3974795#3974795

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3974795

More information about the jboss-user mailing list