[jboss-user] [Security & JAAS/JBoss] - Re: ClientLoginModule and additional state
do-not-reply at jboss.com
Tue Apr 29 05:18:22 EDT 2008
Thank you for the reply, and sorry, I didn't quite make myself clear. Using "state" was not the correct term.
Having read the JAAS tutorial I see that a Subject can have many principals, for instance a username, a social security number, etc. Using the ClientLoginModule (from a remote Java client) I was hoping that I could add additional principals to my Subject and that the additional principals would be available on the server in my custom login module. This isn't the case.
I think I know why now, as in SecurityClientInterceptor.java JBoss does the following:
public Object invoke(org.jboss.aop.joinpoint.Invocation invocation) throws Throwable
{
   // Get Principal and credentials from the client-side security association
   Principal principal = SecurityActions.getPrincipal();
   if (principal != null)
      invocation.getMetaData().addMetaData("security", "principal", principal);
   Object credential = SecurityActions.getCredential();
   if (credential != null)
      invocation.getMetaData().addMetaData("security", "credential", credential);
   return invocation.invokeNext();
}
So it appears that only a Principal and Credential are remoted to the server in the ejb call meta data.
Not that I really know anything about it, but I was expecting to see a Subject used rather than a Principal.
I'll investigate using a custom principal.
I can see no way from a remote Java client to get information into the options and shared state maps; as I understand it, they are purely for communication between login modules and for configuration options.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4147457#4147457
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4147457
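The "custom principal" route mentioned in the post, as an added example that is not part of the original post and not JBoss code. It assumes the package, class and field names below (example.jaas, CustomPrincipalExample, AttributedPrincipal, department) are hypothetical, that the server-side callback handler answers a SecurityAssociationCallback with the Principal object taken from the invocation metadata, and that the user/password table is a constructed fixture standing in for a real store. The point to keep in mind is that every attribute on the principal arrives unauthenticated, so the server login module must verify the credential before treating any of it as the caller's identity, and must still source roles from its own data.

```java
package example.jaas;

import java.io.Serializable;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.acl.Group;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.login.LoginException;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.SecurityAssociationCallback;
import org.jboss.security.auth.spi.AbstractServerLoginModule;

// Added example (hypothetical names); not from the original post or from JBoss.
public class CustomPrincipalExample {

    /** A Principal carrying an extra attribute. It must be Serializable because the
     *  SecurityClientInterceptor puts the Principal object itself into the invocation
     *  metadata, so it is marshalled to the server as-is. The same class, under the
     *  same name, has to be on both the client and the server classpath. */
    public static final class AttributedPrincipal implements Principal, Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        private final String department; // the "additional principal" data from the post

        public AttributedPrincipal(String name, String department) {
            this.name = name;
            this.department = department;
        }
        public String getName() { return name; }
        public String getDepartment() { return department; }
        // JBoss compares principals by name in several places; keep equals/hashCode on name.
        public boolean equals(Object o) {
            return o instanceof Principal && name.equals(((Principal) o).getName());
        }
        public int hashCode() { return name.hashCode(); }
        public String toString() { return name + "@" + department; }
    }

    /** Client side. ClientLoginModule.commit() ends up calling these same two setters,
     *  but with a SimplePrincipal built from the NameCallback, which is where the extra
     *  data is lost. Setting the association directly keeps our object. */
    public static void associate(String user, String department, char[] password) {
        SecurityAssociation.setPrincipal(new AttributedPrincipal(user, department));
        SecurityAssociation.setCredential(password);
    }

    /** Server side. Reads the Principal object (not only its name) through
     *  SecurityAssociationCallback (assumed to be answered from the invocation metadata). */
    public static class AttributedPrincipalLoginModule extends AbstractServerLoginModule {
        // Constructed fixture standing in for a real user store.
        private static final Map<String, String> PASSWORDS = new HashMap<String, String>();
        static { PASSWORDS.put("alice", "s3cret"); }

        private AttributedPrincipal identity;

        public boolean login() throws LoginException {
            if (super.login()) {            // password-stacking (useFirstPass) is handled by the base class
                return true;
            }
            SecurityAssociationCallback cb = new SecurityAssociationCallback();
            try {
                callbackHandler.handle(new Callback[] { cb });
            } catch (Exception e) {
                throw new LoginException("cannot obtain caller principal: " + e);
            }
            Principal p = cb.getPrincipal();
            if (!(p instanceof AttributedPrincipal)) {
                throw new LoginException("expected AttributedPrincipal, got " + (p == null ? "null" : p.getClass().getName()));
            }
            AttributedPrincipal candidate = (AttributedPrincipal) p;
            // Everything on the principal is client-supplied; the department field is a claim,
            // not a fact, until the credential for that name has been checked.
            if (!credentialMatches(candidate.getName(), cb.getCredential())) {
                throw new LoginException("bad credential for " + candidate.getName());
            }
            identity = candidate;
            loginOk = true;
            return true;
        }

        static boolean credentialMatches(String user, Object credential) {
            String expected = PASSWORDS.get(user);
            if (expected == null || !(credential instanceof char[])) {
                return false;
            }
            byte[] a = expected.getBytes(Charset.forName("UTF-8"));
            byte[] b = new String((char[]) credential).getBytes(Charset.forName("UTF-8"));
            return MessageDigest.isEqual(a, b);   // avoids a plain String.equals on secrets
        }

        protected Principal getIdentity() { return identity; }

        protected Group[] getRoleSets() throws LoginException {
            // Roles come from the server's own data, never from the principal's attributes.
            SimpleGroup roles = new SimpleGroup("Roles");
            roles.addMember(new SimplePrincipal("user"));
            return new Group[] { roles };
        }
    }
}
```

On the server the login module is wired into login-config.xml under the application policy as example.jaas.CustomPrincipalExample$AttributedPrincipalLoginModule; on the client, associate() replaces the LoginContext/ClientLoginModule call before the EJB invocation. Note that this moves data through the principal only; it does not change the post's conclusion that the options and shared-state maps cannot be populated from the remote client.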