Scott,
My code snippet has a hard-coded username/password; it works fine from the command line, but fails when I run it as a Java Bean in a JSP.
Thanks!
/*
* EJBJaasClient.java
*
* Created on March 6, 2001, 11:55 AM
*/
package com.starmedia.helix.client;
import javax.naming.*;
import java.io.IOException;
import javax.rmi.PortableRemoteObject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import java.rmi.RemoteException;
import javax.rmi.PortableRemoteObject;
import java.util.Properties;
import java.util.MissingResourceException;
import java.util.ResourceBundle;
import java.io.IOException;
import javax.ejb.*;
import com.starmedia.helix.search.*;
import java.io.*;
import org.jboss.security.auth.callback.UsernamePasswordHandler;
/**
*
* @author ernest
* @version
*/
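public class EJBJaasClient {
    // Stand-alone client: performs a JAAS login with credentials read from a
    // ResourceBundle, then looks up an EJB home through JNDI.

    /** Base name of the ResourceBundle used when the caller does not name one. */
    public static final String EJBCLIENT_CONFIG_BUNDLE = "EJBJaasClient";

    /**
     * Callback handler that answers name and password callbacks with the
     * values it was constructed with.
     */
    static class AppCallbackHandler implements CallbackHandler
    {
        private final String username;
        // Kept by reference, not copied: the caller's array is what gets
        // handed to the PasswordCallback.
        private final char[] password;

        public AppCallbackHandler(String username, char[] password)
        {
            this.username = username;
            this.password = password;
        }

        /**
         * Fills in NameCallback and PasswordCallback entries.
         *
         * @throws UnsupportedCallbackException for any other callback type
         */
        public void handle(Callback[] callbacks) throws
            java.io.IOException, UnsupportedCallbackException
        {
            for (Callback callback : callbacks)
            {
                if (callback instanceof NameCallback)
                {
                    ((NameCallback) callback).setName(username);
                }
                else if (callback instanceof PasswordCallback)
                {
                    ((PasswordCallback) callback).setPassword(password);
                }
                else
                {
                    throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
                }
            }
        }
    }

    /*
    Earlier variant, using the JBoss-supplied handler instead of AppCallbackHandler:

    static void secureLogin (String lcName, String name, char[] password) {
        try {
            UsernamePasswordHandler handler = new UsernamePasswordHandler(name, password);
            LoginContext lc = new LoginContext(lcName, handler);
            lc.login();
        }
        catch (LoginException le)
        {
            System.out.println("Login failed");
            le.printStackTrace();
        }
    }
    */

    /**
     * Creates a LoginContext for the given configuration entry and logs in.
     *
     * @return the LoginContext after a successful login
     * @throws LoginException if the context cannot be created or the login is rejected
     */
    private static LoginContext login(String lcName, String name, char[] password)
            throws LoginException {
        AppCallbackHandler handler = new AppCallbackHandler(name, password);
        LoginContext lc = new LoginContext(lcName, handler);
        System.out.println("Created LoginContext " + lcName + " for user " + name);
        lc.login();
        return lc;
    }

    /**
     * Best-effort login: a failure is printed and otherwise ignored, so the
     * caller cannot tell whether authentication succeeded. Kept for existing
     * callers; getInitialContext uses login() so that a failure is reported.
     */
    static void secureLogin (String lcName, String name, char[] password) {
        try {
            login(lcName, name, password);
        }
        catch (LoginException le)
        {
            System.out.println("Login failed");
            le.printStackTrace();
        }
    }

    /**
     * Reads the JNDI and JAAS settings from the named bundle, performs the
     * JAAS login and returns a new InitialContext.
     *
     * @param resourceFile base name of the ResourceBundle to read
     * @return the context, or null when a required key is missing from the bundle
     * @throws MissingResourceException if the bundle itself cannot be found
     *         (the lookup happens before the try block)
     * @throws LoginException if the JAAS login fails; no context is handed out
     *         for a login that did not succeed
     */
    public static InitialContext getInitialContext(String resourceFile) throws javax.naming.NamingException,Exception {
        ResourceBundle bundle = ResourceBundle.getBundle(resourceFile);
        try {
            Properties props = new Properties();
            props.put(Context.INITIAL_CONTEXT_FACTORY, bundle.getString("INITIAL_CONTEXT_FACTORY"));
            props.put(Context.URL_PKG_PREFIXES, bundle.getString("URL_PKG_PREFIXES"));
            props.put(Context.PROVIDER_URL, bundle.getString("PROVIDER_URL"));
            System.out.println("Connecting to " + bundle.getString("PROVIDER_URL"));
            // NOTE(review): this property is JVM-wide. Inside a servlet container it
            // may be set after the JAAS configuration was already loaded, or may
            // replace the container's own login configuration; confirm whether that
            // is what differs from the command-line run.
            System.setProperty("java.security.auth.login.config", bundle.getString("AUTH_CONFIG_FILE"));
            String userName = bundle.getString("AUTH_USER");
            // The password is read in clear text from a bundle on the classpath and
            // stays in memory as a String; restrict who can read that file.
            String password = bundle.getString("AUTH_PASSWORD");
            String lcName = bundle.getString("LOGIN_CONTEXT_NAME");
            // Fail here instead of continuing with an unauthenticated context.
            login(lcName, userName, password.toCharArray());
            return new InitialContext(props);
        } catch (MissingResourceException me) {
            return null;
        }
    }

    /*
    public static InitialContext getInitialContext() throws javax.naming.NamingException,Exception {
        return getInitialContext(EJBCLIENT_CONFIG_BUNDLE);
    }
    */

    /** Looks up jndiName using the default bundle; see the two-argument overload. */
    public static Object getHomeObject(String jndiName) {
        return getHomeObject(EJBCLIENT_CONFIG_BUNDLE, jndiName);
    }

    /**
     * Logs in with the settings from the named bundle and looks up jndiName.
     *
     * @return the object bound under jndiName, or null when the configuration
     *         is incomplete, the login fails or the lookup fails (the cause is
     *         printed)
     */
    public static Object getHomeObject(String resourceFile, String jndiName) {
        try {
            InitialContext jndiContext = getInitialContext(resourceFile);
            if (jndiContext == null) {
                // A key was missing from the bundle; report it instead of
                // running into a NullPointerException on lookup().
                System.out.println("Incomplete configuration in bundle " + resourceFile);
                return null;
            }
            return jndiContext.lookup(jndiName);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /** Looks up the search broker home and creates one broker as a smoke test. */
    public static void main (String args[]) {
        Object ref = EJBJaasClient.getHomeObject("search/SearchBroker");
        if (ref == null) {
            // getHomeObject already printed the cause.
            System.out.println("Unable to look up search/SearchBroker");
            return;
        }
        SearchBrokerHome home = (SearchBrokerHome)
            PortableRemoteObject.narrow(ref, SearchBrokerHome.class);
        System.out.println("Got search broker home: " + home);
        try {
            SearchBroker broker = home.create();
            System.out.println("create()");
        } catch (RemoteException re) {
            System.out.println("Unable to get broker");
            re.printStackTrace();
        } catch (CreateException e) {
            System.out.println("Unable to create broker object");
            e.printStackTrace();
        }
    }
}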
My EJBClient.properties resource bundle file
----------------------------------------------------------------
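# Sample ResourceBundle properties file
# AUTH_PASSWORD is stored here in clear text, so keep this file readable only by the account that runs the client.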
INITIAL_CONTEXT_FACTORY=org.jnp.interfaces.NamingContextFactory
PROVIDER_URL=localhost:1099
URL_PKG_PREFIXES=org.jnp.interfaces
LOGIN_CONTEXT_NAME=helix
AUTH_PASSWORD=xxxxxxx
AUTH_USER=BATCHAPP
AUTH_CONFIG_FILE=/japps/JBoss-2.2.2_Tomcat-3.2.2/jboss/client/auth.conf
-----Original Message-----
From: Scott M Stark [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 13, 2001 3:38 PM
To: [EMAIL PROTECTED]
Subject: Re: [JBoss-user] distributed security with JAAS
With the 1.1 security model you would have to assign a role
like ReadOnly to those methods and you would have to assign
the ReadOnly role to the anonymous users. An unauthenticated
user ends up passing a null principal and credential and this is
currently rejected before consulting the security manager and
in turn your login module. The next version will not make a check
for a null principal and will simply let the security manager decide
if this is valid or not.
What's the code snippet you're trying to use in a servlet to set the
anonymous user that is not working? Most likely the problem
is the classpath setup, so show what exceptions are being generated.
----- Original Message -----
From: "Ernest Chen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 13, 2001 8:41 AM
Subject: [JBoss-user] distributed security with JAAS
> Hi,
>
> Hopefully someone can help me.
>
> I have successfully deployed a web based admin tools in
> JBOSS-2.2.2_Tomcat-3.2.2 using Jaas based security. My own UserLoginModule
> worked like a charm. However, other web applications and admin tools need to
> access the same set of secured EJBs. I've tried many times without success
> to have a mix of secured and unsecured access to my beans from different
> web apps; what I basically need is to allow anonymous login for read-only
> access. Does anyone have any clue what I should do?
>
> My ideal set up would be as follows
> ===========================
>
> [Tomcat] with public web applications (no security) Machine 1.
> |
> [[[jBoss]]] --> [custom jaas user login module] --> [Oracle DB] Machine
> 2a, Machine 2b
> |
> [Tomcat] with secured web applications for administrators Machine 3
>
> All my beans are secured using jaas:/custom. I have created a standalone
> java application with hard-coded username/password and it connects well with
> JBoss, however the same code placed in a web application failed miserably.
> any idea?
>
> Is it possible to secure all write methods but allow read methods to be
> public?
>
> I know it's a lot of questions, thanks for your patience.
>
> Ernest
>
> P.S. I'm pushing very hard for my company to standardize on jBoss,
> eventually if this application prevails the entire department of about 50
> engineers can become dedicated jBoss users. - go jBoss
>
>