RE: [JBoss-user] How to log in from an MBean

[Randahl Fink Isaksen]

No, obviously you would never need to login twice in a row. I just thought you could use your own login module _instead_ of the ClientLoginModule, which you cannot.   That surprises me since if my MBean logs in using my custom JAAS module and succeed there is no reason for JBoss to deny me access to my EJBs. If a Swing client can log in using my custom JAAS module, I think it is reasonable to expect that an MBean can aswell – the way I see it, the Swing client and the MBean are just two separate clients of the EJBs, so why should they be treated differently… ideally speaking?     Randahl   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott M Stark Sent: 3. oktober 2002 00:34 To: [EMAIL PROTECTED] Subject: Re: [JBoss-user] How to log in from an MBean   You can use your own login module, but to propagate the credentials to the ejb container you must include the ClientLoginModule as well. Presumably the security domain associated with the ejb is also executing your login module so why do it twice?   xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ----- Original Message ----- From: Randahl Fink Isaksen To: [EMAIL PROTECTED] Sent: Wednesday, October 02, 2002 3:01 PM Subject: RE: [JBoss-user] How to log in from an MBean   Problem solved! As written in earlier posts I tried to use my own JAAS login module configuration “myDomain” for the MBean login. This is NOT in accordance with page 276 of the JBossBook_30x (see below… “the only supported mechanism”).   Solution: I simply switched from “myDomain” to “client-login” when creating my LoginContext.   However, I am curious why my original solution is not allowed by JBoss… is that a bug or a feature? – I must admit that the JBoss way works, so no problem there… still, why can’t I use my own login module configuration which carries out _real_ authentication rather than just setting the Principal (as the client-login module configuration does).   Randahl         Extract from JBossBook_30x:   The ClientLoginModule is an implementation of LoginModule for use by JBoss clients for the estab-lishment of the caller identity and credentials. This simply sets the org.jboss.security.SecurityAssoci-ation.principal to the value of the NameCallback filled in by the CallbackHandler, and the org.jboss.security.SecurityAssociation.credential to the value of the PasswordCallback filled in by the CallbackHandler. This is the only supported mechanism for a client to establish the current thread's caller.           -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott M Stark Sent: 2. oktober 2002 19:57 To: [EMAIL PROTECTED] Subject: Re: [JBoss-user] How to log in from an MBean   Post a testcase to sourceforge attached to a bug report.   xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ----- Original Message ----- From: Randahl Fink Isaksen To: [EMAIL PROTECTED] Sent: Wednesday, October 02, 2002 10:50 AM Subject: RE: [JBoss-user] How to log in from an MBean   Well, it IS done in the same thread. My MBean starts 1 thread which has a run method which starts out by logging in and attempting to access my EJBs – then I get the security exception. I am using JBoss 3.0.2.   Randahl