[jboss-user] [Security & JAAS/JBoss] - Secure EJBs and unsecure Servlets

OrangeMetallicFrog do-not-reply at jboss.com
Fri Dec 19 11:03:37 EST 2008

Hello again.

Having read through my last post, I realised it wasn't really very clear what I was doing/having a problem with.  Hopefully now it isn't so early in the day I can be a bit clearer!

So, I have an EJB that I have secured.  I can connect to this through my remote client.  The remote client has a jndi.properties file that defines the various values for the principal, credentials, factory.initial, etc.  This is working fine.

Then I've got a servlet that I'm using as a webservice.  This takes a couple of parameters for the principal and credentials.  This then calls

  | Hashtable env = new Hashtable();
  | env.put("java.naming.security.principal", principal);
  | env.put("java.naming.security.credentials", credentials);
  | nameCtxt = new InitialContext(env);

The nameCtxt returned is then used to perform a lookup of the secure EJB and that's when the problems start due to security.

I've dumped out the values of the context and they are
java.naming.factory.initial = org.jnp.interfaces.NamingContextFactory
java.naming.factory.url.pkg = org.jboss.naming:org.jnp.interfaces:org.jboss.naming:org.jnp.interfaces:org.jboss.naming:org.jnp.interfaces (I'm not sure why these are repeated 3 times)
java.naming.security.principal = MyPrincipal
java.naming.security.credentials = MyCredentials
java.naming.security.protocol = mySecurity

The value for protocol is coming from my jndi.properties file that I've included in the ear file that this is all bundled up into as I thought that might have been the problem.

This is really starting to drive me crazy!  I'm sure I must just be missing something simple, but I don't know what.



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4197686#4197686

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4197686

More information about the jboss-user mailing list