[jboss-user] [EJB 3.0] - JAAS + EJB3.0 + Jboss unable to propaogate

Wolfgang Knauf do-not-reply at jboss.com
Wed Jul 7 06:29:00 EDT 2010

Wolfgang Knauf [http://community.jboss.org/people/WolfgangKnauf] replied to the discussion

"JAAS + EJB3.0 + Jboss unable to propaogate"

To view the discussion, visit: http://community.jboss.org/message/551439#551439


I think you could use a simpler approach to your login module, as you need the standard functionality of username + password plus an additional EJB access check.

So, your login module could be a subclass of e.g. "org.jboss.security.auth.spi.DatabaseServerLoginModule" (source code e.g. here:  http://www.docjar.com/html/api/org/jboss/security/auth/spi/DatabaseServerLoginModule.java.html http://www.docjar.com/html/api/org/jboss/security/auth/spi/DatabaseServerLoginModule.java.html ) , and you might add your own EJB access check to an override of "getRoleSets":

protected Group[] getRoleSets() throws LoginException
  String username = getUsername();
  Group[] roleSets = super.getRoleSets();

  //Try to access EJB here:
  if ( ejbaccessFail)
    roleSets = new Group[0];

  return roleSets;

If the EJB access fails with a security exception, you could return an empty RoleSet.

Think about it, hopefully your security config will become much easier by this, and hopefully error detection will be easier.

By the way: to configure your login module, you might use this approach, too (you need 5.1 for this):  http://server.dzone.com/articles/security-features-jboss-510 http://server.dzone.com/articles/security-features-jboss-510

Best regards



Reply to this message by going to Community

Start a new discussion in EJB 3.0 at Community

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20100707/a6a7e715/attachment.html 

More information about the jboss-user mailing list