[jboss-user] [EJB 3.0] - JAAS + EJB3.0 + Jboss unable to propaogate

Wolfgang Knauf do-not-reply at jboss.com
Wed Jul 7 06:29:00 EDT 2010 

Wolfgang Knauf [http://community.jboss.org/people/WolfgangKnauf] replied to the discussion

"JAAS + EJB3.0 + Jboss unable to propaogate"

To view the discussion, visit: http://community.jboss.org/message/551439#551439

--------------------------------------------------------------
Hi,

I think you could use a simpler approach to your login module, as you need the standard functionality of username + password plus an additional EJB access check.

So, your login module could be a subclass of e.g. "org.jboss.security.auth.spi.DatabaseServerLoginModule" (source code e.g. here:  http://www.docjar.com/html/api/org/jboss/security/auth/spi/DatabaseServerLoginModule.java.html http://www.docjar.com/html/api/org/jboss/security/auth/spi/DatabaseServerLoginModule.java.html ) , and you might add your own EJB access check to an override of "getRoleSets":

@Override
protected Group[] getRoleSets() throws LoginException
 {
  String username = getUsername();
  Group[] roleSets = super.getRoleSets();

  //Try to access EJB here:
  if ( ejbaccessFail)
  {
    roleSets = new Group[0];
  }

  return roleSets;
}

If the EJB access fails with a security exception, you could return an empty RoleSet.

Think about it, hopefully your security config will become much easier by this, and hopefully error detection will be easier.

By the way: to configure your login module, you might use this approach, too (you need 5.1 for this):  http://server.dzone.com/articles/security-features-jboss-510 http://server.dzone.com/articles/security-features-jboss-510

Best regards

Wolfgang

--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/551439#551439]

Start a new discussion in EJB 3.0 at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2029]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20100707/a6a7e715/attachment.html

More information about the jboss-user mailing list