Hi all,
I have written a client-side LoginModule which acquires a Kerberos Service Ticket 
and then "sends it" to JBoss. This works with the SecurityAssociationActions (I 
have copied the class to the client... I know, it's not very good...), the same 
way the ClientLoginModule does this:

SecurityAssociationActions.setPrincipalInfo(loginPrincipal, loginCredential, subject);

The loginCredential contains the Kerberos Service Ticket. This is done by the 
KerberosClientLoginModule class.

Then, on the server side, I use the Service Ticket to authenticate the user 
(with win2k3 server exchange and Java GSS-API functions). This is done by the 
KerberosJBossLoginModule. It works fine. After that's done I use the 
IdentityRoleMappingLoginModule to obtain the roles from my database with the help 
of the username. Only the name of the user is used for this (the database doesn't 
contain information about the service ticket, only the username). It works fine 
too. This module depends on the DatabaseLoginModule and does the following with 
the obtained (correct) username:

                                
sharedState.put("javax.security.auth.login.name",identity);

But then I want to use sessionContext.getCallerPrincipal in the EJB and I 
get an empty String. Furthermore, I use the ClientLoginModule as a third 
login module, like the following:

<application-policy name="orga-security">
    <authentication>
        <login-module code="com.mgsoftech.orga.security.KerberosJBossLoginModule"
                      flag="requisite">
            <module-option name="storeKey">true</module-option>
            <module-option name="isInitiator">false</module-option>
            <module-option name="krbRealm">myDomain</module-option>
            <module-option name="name">JBossUserName</module-option>
            <module-option name="password">JBossPW</module-option>
            <module-option name="kdcAddress">ipAddres</module-option>
            <module-option name="debug">true</module-option>
        </login-module>
        <login-module code="com.mgsoftech.orga.security.IdentityRoleMappingLoginModule"
                      flag="required">
            <module-option name="password-stacking">
                useFirstPass
            </module-option>
            <module-option name="dsJndiName">
                workingDBName
            </module-option>
            <module-option name="rolesQuery"> workingRolesQuery
            </module-option>
        </login-module>
        <login-module code="org.jboss.security.ClientLoginModule"
                      flag="required">
            <module-option name="password-stacking">
                useFirstPass
            </module-option>
            <module-option name="multi-threaded">
                true
            </module-option>
        </login-module>
    </authentication>
</application-policy>

But sessionContext.getCallerPrincipal doesn't work, although I use the 
ClientLoginModule... :(
Does anybody know what I could be doing wrong?

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4174406#4174406
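
Added illustration (not part of the original post, and not JBoss code): a minimal plain-JAAS module showing how a stacked login module can read the identity an earlier module stored in shared state under javax.security.auth.login.name and publish it as a Subject principal at commit(), failing closed when that name is missing or empty. The class name SharedStateIdentityModule and the sample names are hypothetical.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical module for illustration; standard JAAS API only, no JBoss classes.
public class SharedStateIdentityModule implements LoginModule {
    static final String NAME_KEY = "javax.security.auth.login.name";
    private Subject subject;
    private Map<String, ?> sharedState;
    private Principal identity;
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.sharedState = sharedState;
    }

    public boolean login() throws FailedLoginException {
        Object v = sharedState.get(NAME_KEY); // String or Principal, set by an earlier module
        String raw = v instanceof Principal ? ((Principal) v).getName() : (v == null ? null : v.toString());
        final String name = raw == null ? "" : raw.trim();
        if (name.isEmpty()) // fail closed: never publish an empty caller identity
            throw new FailedLoginException("no authenticated name in shared state");
        identity = () -> name; // Principal's only abstract method is getName()
        return true;
    }

    public boolean commit() { return identity != null && subject.getPrincipals().add(identity); }
    public boolean abort() { identity = null; return true; }
    public boolean logout() { if (identity != null) subject.getPrincipals().remove(identity); return true; }
    public static void main(String[] args) {
        for (String sample : new String[] {"alice", ""}) { // constructed sample identities
            Map<String, Object> shared = new HashMap<>();
            shared.put(NAME_KEY, sample);
            Subject s = new Subject();
            SharedStateIdentityModule m = new SharedStateIdentityModule();
            m.initialize(s, null, shared, new HashMap<String, Object>());
            try {
                m.login(); m.commit();
                System.out.println("principal: " + s.getPrincipals().iterator().next().getName());
            } catch (FailedLoginException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```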
