File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JBoss/WildFly and the fly likes Tomcat - JBOSS Principal Propagation Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "Tomcat - JBOSS Principal Propagation " Watch "Tomcat - JBOSS Principal Propagation " New topic
Author

Tomcat - JBOSS Principal Propagation

Andrea Gazzarini
Ranch Hand

Joined: Sep 09, 2002
Posts: 125
Hello!
I'm using JBoss 3.2.1 and Tomcat 4.1 (not the jboss embedded version).
There's a simple page login.jsp where the user can login into the application; the auth method used is FORM and the userid & password are validated again a Directory server.
On the web tier the login completes successfully and redirect to a page that calls a stateless session bean

The question is:
1) How I can propagate the Principal obtained by request.getCallerPrincipal()?
I suppose must do this when create InitialContext()..., but I can set on the InitialContext environment only strings.
So I saw the SECURITY_PRINCIPAL property that holds the principal name (my username), but in this way on the EJB (JBoss) tier I must perform the authentication again...and I must do this every time I invoke method on a EJB ???!!!

Help please...


Regards,<br />Andrea<br /> <br /><a href="http://www.linkedin.com/in/andreagazzarini" target="_blank" rel="nofollow">Andrea Gazzarini</a><br />Skype ID : gazzax72<br />Google Talk ID : a.gazzarini@gmail.com<br /><a href="http://www.andreagazzarini.blogspot.com" target="_blank" rel="nofollow">My Blog</a>
Chris Mathews
Ranch Hand

Joined: Jul 18, 2001
Posts: 2712
Moving to the JBoss Forum...
Frederico Melo
Greenhorn

Joined: Mar 15, 2004
Posts: 24
Andrea,

JAAS' security propagation between containers is not well specified actually. This usually is done using a ThreadLocal class wich propagates the authenticated principal to the EJB's stub on a specific container manner.
Jboss client LoginModules uses the class org.jboss.security.SecurityAssociation to make this association. So, in your web LoginModule you have to set your authenticated principal to this class, like the example:

SecurityAssociation.setServer(); //use ThreadLocal

<On your login() method you should use:>

SecurityAssociation.setPrincipal(principal);
SecurityAssociation.setCredential(credential);
SecurityAssociation.setSubject(subject);


Hope this helps.

best regards,

Fred


Frederico Melo<br />--------------<br />Software Architect<br />Sun Certified Enterprise Architect for J2EE<br />IBM Rational Unified Process Specialist
 
Consider Paul's rocket mass heater.
 
subject: Tomcat - JBOSS Principal Propagation