> Im using the DatabaseServerLoginModule, and it works
> quite well.
> When i go to my app in the browser i get the login
> screen, and
> username and password gets verified. This principal
> data is used
> by jBoss to verify access on my EJBs, great!
>
> Now i would like to save the name of the user which
> have logged
> on to the app, and also need to log the user out
> when the logout
> button is pressed. How do i do this? I.e., how do i
> get to the
> LoginContext or Subject in my ejb code, do i go
> through the
> JaasSecurityManager mbean?? I have a feeling this is
> a stupid
> question, but it has confused me a bit :-(
This thema is in deed very confusing. Here my 2 cents
( though I use it with tomcat )
To be able to verify user in ejb, you need to set
security context in bean descriptor
( jboss.xml )
Whe you do login on web context, username and password
are verified
using login context you specified in web application
development descriptor. When your login module gives
OK, returned principal, credential and role sets are
stored away in tomcat ( or jetty ) and used primarily
to check access to web URL's.
When your servlet/jsp code tries access to ejb, those
credentials are propagated to jboss, and are verified
again using security settings specified for the beans
( and those settings are not necessarily the same as
for web context )
To perform logout off web context, you can just
invalidate current session.
You can also throw out any web-context login stuff,
and
obtain login context yourselves, provide necessary
callbacks and call login on context.
(just like in java client examples)
regards,
=====
Konstantin Priblouda ( ko5tik ) Freelance Software developer
< http://www.pribluda.de > < play java games -> http://www.yook.de >
< render charts online -> http://www.pribluda.de/povray/ >
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
