I've successfully deployed an EJB on my JBoss 5.0.1 (including a MySQL datasource for EntityManager). Now I have one last problem before I can start really implementing the business logic itself: Security. I need to use credentials stored in a database (as the users may change every once in a while it doesn't seem like a good idea storing them in a config file) and I would like to use the JBoss EJB Security features. I've done a Google search, but I didn't really find a good tutorial on how to do the database-based security check... It would be really great if someone could give me a little shove in the right direction...
Thanks in advance,
Flo
Florian Schaetz
Ok, after searching a while longer, I found enough hints on how to use the DatabaseServerLoginModule (Am I the only one who thinks that the whole xml-configuration thing is much more time-consuming than the actual coding?). And I noticed that this was the wrong subforum anyway (sorry for that).
Florian Schaetz wrote: Ok, after searching a while longer, I found enough hints on how to use the DatabaseServerLoginModule (Am I the only one who thinks that the whole xml-configuration thing is much more time-consuming than the actual coding?).
Just in case someone searches for the same thing, here are some pointers:
In /server/default/conf/login-config.xml (or something else, if you don't use default), a new application-policy must be added:
DatabaseServerLoginModule tells JBoss to search for the passwords and roles in the database, dsJndiName tells it what Datasource to use, and both queries must return a password and the roles. The 'Roles' in the second query has to be there for JBoss.
In the Application, one can use @SecurityDomain("mysqlLogin") for the bean and @RolesAllowed( { "Role1", "Role1" }) for methods or the whole class. It is also possible to ask for the roles by adding...
In the EJB, the sessionContext can be asked sessionContext.isCallerInRole("Role1") for example. Surprisingly, that's pretty much everything I needed (at least, to get it started, of course the possibilities are nearly endless).