"[EMAIL PROTECTED]" wrote :
If you don't want to use the embedded NameCallback, PasswordCallback of the ClientLoginModule, you chain it with a login module that provides the correct Principal and credential. You then specify the password-stacking="useFirstPass" option to indicate that the credentials to pass come from the first login module:

Thank you both for the kind replies. But I'm not sure I understand. Scott, it seems that your solution works well on the client side. But as I understand it, the client's JAAS context is entirely decoupled from the server-side context that JBoss uses to authenticate EJB calls. What I'm most concerned with is what happens on the server side.

Here's some background, in the hopes that it'll help the discussion. The U.S. Army has a centralized user database called AKO, published as an LDAP directory. We allow anyone with an AKO account to access our application. But we can't rely on this alone -- we will have many non-Army users without AKO accounts, and since we of course do not have direct control over the AKO database, we have to also maintain our own database of locally-added users.

When a user visits the login form, then, after typing in a username and password they have to specify whether they're trying to log in with a "local" account (in our local database) or an AKO account. This way we know where to look for the user's password: either in the database, or over LDAP.

In another twist, our application is geared to allow the creation of "one-time passwords." When using a one-time password, a client can provide a key and the password rather than a username and the "real" password.

So clearly I need to pass more information to the server-side login modules. It's my (perhaps incorrect?) understanding that ClientLoginModule (and, in turn, SecurityAssociation) only accept two strings: username and password. They take this information and store it internally so that any future RMI calls are loaded. Then JBoss' RMI code on the server side extracts the username and password, creates a UsernamePasswordHandler and starts the JAAS chain.

So, on the client side, how would I tell the JBoss client library "hey, I need to pass not only this username and this password, but also this extra third string, over to the server next time I make an RMI call?" And then how would I reconstruct that information at the server?

(I'm aware that many people have misgivings about the U.S. military. Please accept my assurances that this project is utterly peaceful in nature, related to infrastructure development rather than combat.)

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3840986#3840986