[jboss-user] [Security & JAAS/JBoss] - How to set EJBContext callerPrincipal from LoginModule?

bhawthorne do-not-reply at jboss.com
Fri Feb 27 11:55:43 EST 2009


We've just migrated our app to JBoss 5 (from 4) and have one last annoyance to resolve. We have an EJB client that uses JNDILoginInitialContextFactory to supply a string-based user/password combination. On the server, our custom JAAS login module authenticates, and sets our custom Principal to the group "CallerPrincipal" according to spec. EJBs then see this custom principal in the EJBContext just fine.

With JBoss 5, this no longer works. As I understand, with JBoss 5 we have to perform a SecurityClient login now, and obtain the InitialContext with a NamingContextFactory instead. 

    SecurityClient client = SecurityClientFactory.getSecurityClient();
    client.setSimple("jdoe", "theduke");
    client.login();

    Properties p = new Properties();
    p.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
    p.put(Context.PROVIDER_URL, "jnp://localhost");
    p.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");

    InitialContext initialContext = new InitialContext(p);
      
Upon doing so, authentication succeeds, but the EJBContext seems to only get populated with a SimplePrincipal. I narrowed it down a bit and found that the EJBContext is populated with the principal as it is supplied to the SecurityClient. If I set a test custom principal on the SecurityClient:

    client.setSimple(new CustomPrincipal("jdoe"), "theduke");

it is propagated to the EJBContext, but this is not a solution: our actual custom principal (User object) is not yet available to the client and cannot be retrieved pre-login.

So how is one supposed to establish a custom callerPrincipal via LoginModule in JBoss 5 now?

Thanks in advance.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4213808#4213808
