It's not a secret anymore!*
The moose likes Security and the fly likes Credentials not passed into EJB Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Credentials not passed into EJB" Watch "Credentials not passed into EJB" New topic
Author

Credentials not passed into EJB

John KurtzMan
Greenhorn

Joined: Apr 20, 2012
Posts: 1
All:

We would like to pass in some credentials (either public or private) into an EJB to pass in meta data about the user (certificate, etc). Using a custom login module, on the client side the code is

Subject subject = loginContext.getSubject();
CustomCred credential = new CustomCred();
subject.getPrivateCredentials().add(credential);
subject.getPublicCredentials().add(credential);

============================
Within the EJB, I am trying to pull out the credential thus:

Subject caller = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
Set<?> privateSet = caller.getPrivateCredentials();
Set<?> publicSet = caller.getPrivateCredentials();

=====

The credentials do not show up, but the subject does, as I can get the principal out. I have tried this on glassfish 3.1 and JBoss 5.1, with the same results. Glassfish does put in some authentication information within the private credential, but JBoss does not. Neither seems to support passing in meta data via credentials.

My questions are:
1. Am I doing this correctly?
2. Are Credentials supported in Glassfish or JBoss?
3. If not supported, are there other ways of passing in user meta data?

Thank you in advance

John
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Credentials not passed into EJB
 
Similar Threads
Basic Websphere Security Questions
EJB Security: Not getting correct name in Principal
Problem in securing EJB modules
Singleton pattern
j_security_check???????