[jboss-user] [Security] - Re: Caller unauthorized on using a ejb3 statetlesssessionbea

Wolfgang Knauf do-not-reply at jboss.com
Wed Oct 7 09:58:57 EDT 2009


Hi,

your code seems correct. As neither of us knows whether it will work with an Interceptor, I would advise you to run a test: call a servlet and try to perform your login action inside it. If this works, the problem might be the result of some Interceptor problem. If it does not work with the servlet, the error probably lies in your security config.

I see that you use username and password to perform the LDAP login. Why not use e.g. form based authentication according to the servlet spec (by declaring a range of secured pages in "web.xml")? JBoss provides a login module against LDAP.

You might read e.g. this (shows all the steps required to secure a web app): http://www.developer.com/security/article.php/3077421/Introduction-to-Securing-Web-Applications-with-JBoss-and-LDAP.htm 
or this (details about the JBoss LDAP login module): http://www.jboss.org/community/wiki/LdapLoginModule

Hope this helps

Wolfgang
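
Added example, not part of Wolfgang's message or of the JBoss documentation: the three configuration fragments that form based authentication against the JBoss LdapLoginModule typically needs. The URL pattern, role name, security domain name "ldap-example", JSP names, LDAP host and DNs are all constructed placeholders.

```xml
<!-- Fragment 1: WEB-INF/web.xml (servlet spec). Paths and role name are constructed. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secured pages</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>AppUser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Force HTTPS so the form-posted password is not sent in clear text -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <!-- login.jsp posts j_username / j_password to j_security_check -->
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginError.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>AppUser</role-name>
</security-role>

<!-- Fragment 2: WEB-INF/jboss-web.xml, binds the web app to a JAAS security domain -->
<jboss-web>
  <security-domain>java:/jaas/ldap-example</security-domain>
</jboss-web>

<!-- Fragment 3: the server's conf/login-config.xml, the domain backed by LDAP -->
<application-policy name="ldap-example">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <!-- ldaps:// keeps the bind password encrypted between JBoss and the directory -->
      <module-option name="java.naming.provider.url">ldaps://ldap.example.test:636/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <!-- User DN is built as prefix + username + suffix, then used for the bind -->
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=People,dc=example,dc=test</module-option>
      <!-- Roles are the cn of entries under rolesCtxDN whose member attribute holds the user DN -->
      <module-option name="rolesCtxDN">ou=Roles,dc=example,dc=test</module-option>
      <module-option name="uidAttributeID">member</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <module-option name="roleAttributeID">cn</module-option>
    </login-module>
  </authentication>
</application-policy>
```

The role name in web.xml has to match a role the login module returns (here the cn of an LDAP role entry), otherwise the login succeeds but access to the secured pages is still denied.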
