[JBoss-user] How to use a principal from a webapp for securing ejb calls

Fri, 10 Jan 2003 06:01:59 -0800 

We have developed a multitier app (cmdline clients, webclients, ejb business
layer and db layer). Running all on a jboss 3.0.3; the webclients are
developed using struts 1.1; the complete application can be put in one ear
file.

The access to the webbclients is controlled by a form-based authentication
with a security-domain configured via login-config.xml:

   <application-policy name = "GatewayRealm">      
        <authentication>        
                <login-module code
="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
                        <module-option name
="dsJndiName">java:/CloudscapeDS</module-option>          
                        <module-option name = "principalsQuery">select
PASSWORD from PERSON p where p.USERNAME=? and p.LOCKED=false</module-option>
                        <module-option name = "rolesQuery">select
r.ROLE,'Roles' from PERSON_ROLE_ROLE_PERSON_ROLE r, PERSON p where
p.USERNAME=? AND p.PERSONNO=r.PERSON</module-option>
                </login-module>      
        </authentication>    
    </application-policy> 

This works all very well.

Now we would like to use declarative Security for our EJBs (with the same
realm). But we don't know how to use the principal (we have in each request
of my webclients) to authenticate against the ejb container.

Do we have to build our own Hashtable h with 

...
h.put(javax.naming.CONTEXT.SECURITY_PRINCIPAL , request.getUserPrincipal());
...

ctx = new InitialContext(h)

and saving this ctx in a session attribute of my webclient to use for
further lookups?

If this is the way, we become trouble with our implementation of the
ServiceLocator pattern. Our ServiceLocator class is a Singelton and results
the home interfaces of our EJBs. The InitialContext is stored once in an
instance variable.

Could anyone give us a short description of the right way or send us an url
of an example app?

Thank you
Sven


-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to