File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Tomcat - JBOSS Principal Propagation

 
Andrea Gazzarini
Ranch Hand
Posts: 125
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello!
I'm using JBoss 3.2.1 and Tomcat 4.1 (not the jboss embedded version).
There's a simple page login.jsp where the user can login into the application; the auth method used is FORM and the userid & password are validated again a Directory server.
On the web tier the login completes successfully and redirect to a page that calls a stateless session bean

The question is:
1) How I can propagate the Principal obtained by request.getCallerPrincipal()?
I suppose must do this when create InitialContext()..., but I can set on the InitialContext environment only strings.
So I saw the SECURITY_PRINCIPAL property that holds the principal name (my username), but in this way on the EJB (JBoss) tier I must perform the authentication again...and I must do this every time I invoke method on a EJB ???!!!

Help please...
 
Chris Mathews
Ranch Hand
Posts: 2712
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Moving to the JBoss Forum...
 
Frederico Melo
Greenhorn
Posts: 24
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Andrea,

JAAS' security propagation between containers is not well specified actually. This usually is done using a ThreadLocal class wich propagates the authenticated principal to the EJB's stub on a specific container manner.
Jboss client LoginModules uses the class org.jboss.security.SecurityAssociation to make this association. So, in your web LoginModule you have to set your authenticated principal to this class, like the example:

SecurityAssociation.setServer(); //use ThreadLocal

<On your login() method you should use:>

SecurityAssociation.setPrincipal(principal);
SecurityAssociation.setCredential(credential);
SecurityAssociation.setSubject(subject);


Hope this helps.

best regards,

Fred
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic