[jboss-user] [Security & JAAS/JBoss] - Re: JAAS Authentication from stand alone client

eefahs do-not-reply at jboss.com
Tue Sep 2 04:18:41 EDT 2008 

Hi, 

Thanks for the reply and Now I changed my LoginModule to remove the ejb call and ti works perfectly .  again few more clarifications will be helpfull


I have deployed my application as a folder, which contains multiple jar files. and I have specified <security-domain> for only one jar  that is security.jar.   Now the authentication is successfull and my commit  method looks like below

	
  | 
  | public boolean commit() throws LoginException {
  |       if (isloginSucceeded) {
  |             try{
  | 	  Set principals = subject.getPrincipals();
  | 	  principals.add(principal);
  | 	  Group[] roleSets = getRoleSets();
  | 	  for(int g = 0; g < roleSets.length; g ++) {
  |                         Group group = roleSets[g];
  | 	        String name = group.getName();
  | 	        Group subjectGroup = createGroup(name, principals);
  |   	       if( subjectGroup instanceof NestableGroup )	 {
  | 	            SimpleGroup tmp = new SimpleGroup("Roles");
  | 	            subjectGroup.addMember(tmp);
  | 	            subjectGroup = tmp;
  | 	       }
  | 	       Enumeration members = group.members();
  |  	       while( members.hasMoreElements() ) {
  | 	            Principal role = (Principal) members.nextElement();
  |     	           subjectGroup.addMember(role);
  | 	       }
  | 	  }
  | 	 isprincipalsInSubject = true;
  |           }catch(Exception e){
  | 	e.printStackTrace();
  |          }
  |          return true;
  |      } else {
  | 	return false;
  |      }
  | }
  | 	

Now,   I want to lookup a ejb of my security.jar from another jar file. I added correct <security-role-ref> entries   but I am getting the error as 

anonymous wrote : 	Caused by: javax.security.auth.login.LoginException: Username not supplied.
  |         at com.ibsplc.iRes.security.jboss.db.JDbLoginModuleImpl.throwLoginException(JDbLoginModuleImpl.java:322)
  |         at com.ibsplc.iRes.security.jboss.db.JDbLoginModuleImpl.getUserName(JDbLoginModuleImpl.java:368)
  |         at com.ibsplc.iRes.security.jboss.db.JDbLoginModuleImpl.login(JDbLoginModuleImpl.java:164)        

So it is again calling CallBackHandler for getting the username and password.  How can I avoid this? How can I cache the Callback details. 


Thanks in advance


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4173674#4173674

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4173674

More information about the jboss-user mailing list