JBoss Security Context propagation

 
Andrey Rybak
Greenhorn
Posts: 5
Hello,

Frederico Melo wrote:

JAAS' security propagation between containers is not well specified actually. This usually is done using a ThreadLocal class which propagates the authenticated principal to the EJB's stub in a container-specific manner.
JBoss client LoginModules use the class org.jboss.security.SecurityAssociation to make this association. So, in your web LoginModule you have to set your authenticated principal on this class, like the example:

    SecurityAssociation.setServer(); // use ThreadLocal

In your login() method you should use:

    SecurityAssociation.setPrincipal(principal);
    SecurityAssociation.setCredential(credential);
    SecurityAssociation.setSubject(subject);




I've implemented this method in my own LoginModule:



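    import javax.security.auth.login.LoginException;

    import org.jboss.security.SecurityAssociation;
    import org.jboss.security.auth.spi.DatabaseServerLoginModule;

    public class MyLoginModule extends DatabaseServerLoginModule
    {
        public MyLoginModule()
        {
            super();
            // Switch SecurityAssociation to per-thread (ThreadLocal) storage
            SecurityAssociation.setServer();
        }

        public boolean login() throws LoginException
        {
            // Let DatabaseServerLoginModule validate the username and password
            boolean login = super.login();

            if (login)
            {
                // Bind the authenticated identity to the current thread
                SecurityAssociation.setPrincipal(getIdentity());
                SecurityAssociation.setCredential(getCredentials());

                // Populate the JAAS Subject and bind it as well
                subject.getPublicCredentials().add(getCredentials());
                subject.getPrincipals().add(getIdentity());
                SecurityAssociation.setSubject(subject);
            }

            return login;
        }
    }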

I've also chained this login module with ClientLoginModule in my
login-config.xml.

Still I get no SecurityContext in my EJB:

(an exception message)
isCallerInRole() called with no security context. Check that a security-domain has been set for the application.

What's wrong?
What do I need to do to set up a security domain?
 