No, obviously you would never need to
login twice in a row. I just thought you could use your own login module _instead_ of the ClientLoginModule, which
you cannot.
That surprises me since if my MBean logs
in using my custom JAAS module and succeed there is no reason for JBoss to deny
me access to my EJBs. If a Swing client can log in using my custom JAAS module,
I think it is reasonable to expect that an MBean can aswell – the way I
see it, the Swing client and the MBean are just two separate clients of the EJBs,
so why should they be treated differently… ideally speaking?
Randahl
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Scott M Stark
Sent: 3. oktober 2002 00:34
To:
[EMAIL PROTECTED]
Subject: Re: [JBoss-user] How to
log in from an MBean
You can use your own login module,
but to propagate the credentials to the ejb
container you must include the
ClientLoginModule as well. Presumably the
security domain associated with the
ejb is also executing your login module
xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx
----- Original Message -----
Sent: Wednesday,
October 02, 2002 3:01 PM
Subject: RE:
[JBoss-user] How to log in from an MBean
Problem
solved! As written in earlier posts I tried to use my own JAAS login module
configuration “myDomain” for the MBean login. This is NOT in
accordance with page 276 of the JBossBook_30x (see below… “the only
supported mechanism”).
Solution:
I simply switched from “myDomain” to “client-login”
when creating my LoginContext.
However,
I am curious why my original solution is not allowed by JBoss… is that a
bug or a feature? – I must admit that the JBoss way works, so no problem
there… still, why can’t I use my own login module configuration
which carries out _real_
authentication rather than just setting the Principal (as the client-login
module configuration does).
Randahl
Extract
from JBossBook_30x:
The ClientLoginModule is
an implementation of LoginModule for use by JBoss clients for the
estab-lishment of the caller identity and credentials. This simply sets the org.jboss.security.SecurityAssoci-ation.principal
to the value of the NameCallback filled in by the CallbackHandler,
and the org.jboss.security.SecurityAssociation.credential to the
value of the PasswordCallback filled in by the CallbackHandler. This is
the only supported mechanism for a client to establish the current thread's
caller.
-----Original Message-----
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Scott M Stark
Sent: 2. oktober 2002 19:57
To:
[EMAIL PROTECTED]
Subject: Re: [JBoss-user] How to
log in from an MBean
Post a testcase to sourceforge attached
to a bug report.
xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx
----- Original Message -----
Sent: Wednesday,
October 02, 2002 10:50 AM
Subject: RE:
[JBoss-user] How to log in from an MBean
Well, it
IS done in the same thread. My MBean starts 1 thread which has a run method
which starts out by logging in and attempting to access my EJBs – then I
get the security exception. I am using JBoss 3.0.2.
Randahl