JBoss Security Context propagation

Andrey Rybak
Greenhorn
Joined: Jun 05, 2004
Posts: 5

Hello, Frederico Melo wrote:
JAAS' security propagation between containers is not well specified actually. This usually is done using a ThreadLocal class which propagates the authenticated principal to the EJB's stub in a container-specific manner. JBoss client LoginModules use the class org.jboss.security.SecurityAssociation to make this association. So, in your web LoginModule you have to set your authenticated principal to this class, like the example:

    SecurityAssociation.setServer(); // use ThreadLocal

    // On your login() method you should use:
    SecurityAssociation.setPrincipal(principal);
    SecurityAssociation.setCredential(credential);
    SecurityAssociation.setSubject(subject);

I've implemented this method in my own LoginModule:

    import javax.security.auth.login.LoginException;
    import org.jboss.security.SecurityAssociation;
    import org.jboss.security.auth.spi.DatabaseServerLoginModule;

    public class MyLoginModule extends DatabaseServerLoginModule {

        public MyLoginModule() {
            super();
            // Switch SecurityAssociation to ThreadLocal storage
            SecurityAssociation.setServer();
        }

        public boolean login() throws LoginException {
            boolean login = super.login();
            if (login) {
                // Bind the authenticated identity to the current thread
                SecurityAssociation.setPrincipal(getIdentity());
                SecurityAssociation.setCredential(getCredentials());
                subject.getPublicCredentials().add(getCredentials());
                subject.getPrincipals().add(getIdentity());
                SecurityAssociation.setSubject(subject);
            }
            return login;
        }
    }

I've also chained this login module with ClientLoginModule in my login-config.xml. Still I get no SecurityContext in my EJB (an exception message):

    isCallerInRole() called with no security context. Check that a security-domain has been set for the application.

What's wrong? What do I need to do to set up a security domain?