Hello *,

JBoss is really great, but I still got a problem:

After hours of analyzing the sources and stepping through them, I pretty much 
figured out how JBoss manages authentication. I was able to write my own 
Interceptor and my own LoginModule. Now, nearly everything works as it should, 
but I don't know how to get some information from the InitialContext properties 
HashMap into the InvocationContext HashMap. Do I need to inherit from the 
ProxyFactory or override the NamingContextFactory, or is there an easier way? 
Please give me a hint.

Or am I maybe completely on the wrong track?

Here's my scenario: A user logs in to a server and calls a SessionBean's 
method. This method should be able to log in to a different server (or sometimes 
the same), but with a different user name and a different password. In the next 
bean method another delegation can happen. Thus, I need a cascading 
authentication.

I first thought JBoss would do that already, but unfortunately it doesn't: If 
I simply work with a LoginContext, it doesn't do what I need:
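
import javax.security.auth.login.LoginContext;
import org.jboss.security.auth.callback.UsernamePasswordHandler;

class ABean {

  // userDescriptor holds the credentials for the other server
  public void delegateToB() throws Exception
  {
    // Log in as the delegated user on the current thread
    LoginContext lc = new LoginContext(
      "myApp",
      new UsernamePasswordHandler(
          userDescriptor.userName,
          userDescriptor.password.toCharArray()));
    lc.login();
    B b = BUtil.getHome(getProperties()).create();
    b.doAsDifferentUser();
    b.remove();
    lc.logout();

    // Called after logout(): the original caller is no longer authenticated
    C c = CUtil.getHome().create();
    c.doAsOriginalUser();
    c.remove();
  }
}
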
In this example, I cannot work with the "C" bean anymore, because I'm not 
authenticated. And if I omit the lc.logout(), it tries to execute 
c.doAsOriginalUser with the wrong user (the one for B).

After some time I found out that JBoss manages only one current principal in 
the current thread using SecurityAssociation. Thus, I wrote a client 
interceptor which creates an additional thread, performs the authentication on 
the new thread and invokes the other interceptors there. This works fine, but 
the problem now is that I don't know in the interceptor which user I should 
disguise myself as. I saw that there is a Map in InvocationContext and I wonder 
how I can transfer this information from my InitialContextFactory (the factory 
knows to which server it should connect as which user) to the interceptor.

I hope that this posting is understandable even though it's already very late 
and I'm really tired ;)

Please help!

Best regards, Marco ;)
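
The single-principal-per-thread behaviour described in the post, next to a scoped save/restore of the caller identity around each delegated call, as an added example that is not part of the original post and is not JBoss code. `CurrentIdentity`, `runAs`, `beanCall` and the user names are hypothetical stand-ins; the class only models a thread-local current principal and does not use JBoss's SecurityAssociation API.

```java
import java.util.concurrent.Callable;

// Hypothetical model of a container that tracks ONE current principal per thread.
public class CascadingIdentityDemo {

    static final class CurrentIdentity {
        private static final ThreadLocal<String> PRINCIPAL = new ThreadLocal<>();

        static String get() { return PRINCIPAL.get(); }
        static void login(String user) { PRINCIPAL.set(user); }  // overwrites the caller
        static void logout() { PRINCIPAL.remove(); }             // clears the thread's identity

        // Run 'work' as 'user', then restore whoever was current before,
        // even if 'work' throws. Nested calls give cascading delegation.
        static <T> T runAs(String user, Callable<T> work) throws Exception {
            String previous = PRINCIPAL.get();
            PRINCIPAL.set(user);
            try {
                return work.call();
            } finally {
                if (previous == null) PRINCIPAL.remove(); else PRINCIPAL.set(previous);
            }
        }
    }

    // Stand-in for a secured bean method: reports which principal it ran as.
    static String beanCall(String bean) {
        return bean + " ran as " + CurrentIdentity.get();
    }

    public static void main(String[] args) throws Exception {
        // Pattern from the post: login/logout directly on the caller's thread.
        CurrentIdentity.login("alice");            // constructed user names
        CurrentIdentity.login("bob");              // delegated login replaces alice
        System.out.println(beanCall("B"));
        CurrentIdentity.logout();                  // alice is not restored
        System.out.println(beanCall("C"));

        // Scoped variant: each delegated identity is confined to its lambda.
        CurrentIdentity.login("alice");
        String delegated = CurrentIdentity.runAs("bob", () ->
                beanCall("B") + "; " + CurrentIdentity.runAs("carol", () -> beanCall("B2")));
        System.out.println(delegated);
        System.out.println(beanCall("C"));         // back under the original caller
    }
}
```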

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3860155#3860155

_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
