
JBoss EJB Security with credentials from database

 
Florian Schaetz
Hi,

I've successfully deployed an EJB on my JBoss 5.0.1 (including a MySQL datasource for EntityManager). Now I have one last problem before I can start really implementing the business logic itself: Security. I need to use credentials stored in a database (as the users may change every once in a while it doesn't seem like a good idea storing them in a config file) and I would like to use the JBoss EJB Security features. I've done a Google search, but I didn't really find a good tutorial on how to do the database-based security check... It would be really great if someone could give me a little shove in the right direction...

Thanks in advance,

Flo
 
Florian Schaetz
Ok, after searching a while longer, I found enough hints on how to use the DatabaseServerLoginModule (Am I the only one who thinks that the whole xml-configuration thing is much more time-consuming than the actual coding?). And I noticed that this was the wrong subforum anyway (sorry for that).
 
Peter Johnson
Florian, welcome to Java Ranch!

Thank you for posting the solution to your question.
 
Jaikiran Pai
Florian Schaetz wrote:Ok, after searching a while longer, I found enough hints on how to use the DatabaseServerLoginModule (Am I the only one who thinks that the whole xml-configuration thing is much more time-consuming than the actual coding?).

That annoys me too!
 
Florian Schaetz
Just in case someone searches for the same thing, here are some pointers:

In /server/default/conf/login-config.xml (or something else, if you don't use default), a new application-policy must be added:



DatabaseServerLoginModule tells JBoss to search for the passwords and roles in the database, dsJndiName tells it what Datasource to use, and the two queries must return a password and the roles. The 'Roles' in the second query has to be there for JBoss.

In the Application, one can use @SecurityDomain("mysqlLogin") for the bean and @RolesAllowed( { "Role1", "Role1" }) for methods or the whole class. It is also possible to ask for the roles by adding...



In the EJB, the sessionContext can be asked sessionContext.isCallerInRole("Role1") for example. Surprisingly, that's pretty much everything I needed (at least, to get it started, of course the possibilities are nearly endless).
 