These two mechanisms should behave the same provided that the Bill2Realm configuration
includes the org.jboss.security.ClientLoginModule. If it does not then you will see the
principal=null issue. Using the SecurityAssociation as a public api is not supported and
when run with a security manager, will require the assignment of permissions to the
application code that will not generally be allowed.

xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx

----- Original Message ----- 
From: "Brian Topping" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, June 15, 2003 9:36 AM
Subject: RE: [JBoss-user] JBossSX in a cluster


Thanks Scott.  I didn't think I'd found a bug, but that I wasn't
configuring something correctly.

It turns out that my "client" was running as a servlet.  The client login
code that is demonstrated in the jboss doco and was in my servlet is
overridden by the web container Principal/Credential.  Since no login was
made there, the principal/credential were null.  

What was strange about the situation is calls to the EJB container from the
web container worked fine so long as the EJB container was under the same
JVM.  Once the two were split, the calls stopped working.  My problem arose
because there are EJBs that are both local to the web JVM and in a different
machine from it.  So it was strange that the calls locally were working and
the ones remotely were not.  That may be an undocumented feature/bug, but I
don't know the semantics of the calls as well as I should to determine that.

In the end, I replaced:

    AppCallbackHandler handler = new AppCallbackHandler("initial", "initial");
    LoginContext lc = new LoginContext("Bill2Realm", handler);
    lc.login();
    // lookup, etc.

with:

    AuthenticationManager sm = getSecurityManager();
    SimplePrincipal principal = new SimplePrincipal("initial");
    if (sm.isValid(principal, "initial")) {
        if (log.isDebugEnabled()) {
            log.debug("positive auth from JBoss");
        }
        SecurityAssociation.setPrincipal(principal);
        SecurityAssociation.setCredential("initial".toCharArray());
    }
    // lookup, etc.

I'm not sure if this is a really ugly hack or the right way to be doing this,
but it seems to be working okay.  If there's a better way to be doing it (I'm
also doing this in some app-managed form login code), I'm all ears.

Thanks again for your help,

Brian
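
The configuration point in Scott's reply, as an added example that is not part of the original thread: a JBoss login-config.xml entry for Bill2Realm, first without and then with org.jboss.security.ClientLoginModule. The thread does not show the real Bill2Realm entry, so the UsersRolesLoginModule line and the password-stacking options are assumptions.

```xml
<!-- Variant A (assumed): the login authenticates the caller but nothing
     binds the identity to the calling thread, so the EJB invocation layer
     has no principal to send. This is the principal=null case. -->
<application-policy name="Bill2Realm">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required"/>
  </authentication>
</application-policy>

<!-- Variant B (assumed): the same policy with ClientLoginModule stacked
     last. On commit it associates the principal and credential with the
     calling thread, which is what the unsupported direct
     SecurityAssociation.setPrincipal/setCredential calls did by hand.
     Use this in place of variant A, not alongside it. -->
<application-policy name="Bill2Realm">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
      <!-- share the validated name and password with the next module -->
      <module-option name="password-stacking">useFirstPass</module-option>
    </login-module>
    <login-module code="org.jboss.security.ClientLoginModule"
                  flag="required">
      <module-option name="password-stacking">useFirstPass</module-option>
    </login-module>
  </authentication>
</application-policy>
```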



