[JBoss-user] [Security & JAAS/JBoss] - JAAS and JBoss Security Design

Wed, 09 Feb 2005 13:01:35 -0800 

The following is from my LoginAction class:

  | try
  |         {
  |             SecurityAssociationHandler handler = new
  |             SecurityAssociationHandler();
  |             SimplePrincipal user = new SimplePrincipal(username);
  |             handler.setSecurityInfo(user, password.toCharArray());
  |             LoginContext loginContext = new LoginContext("MySqlDBRealm", 
(CallbackHandler)handler);
  |             loginContext.login();
  |             Subject subject = loginContext.getSubject();
  |             Set principals = subject.getPrincipals();
  |             principals.add(user);
  |             
  |             InitialContext ctx = new InitialContext();
  |             Logon logon = (Logon) ctx.lookup(Logon.class.getName());
  |             System.out.println("Addition: "+logon.add(2, 2));
  |             System.out.println("Subtract: "+logon.subtract(4, 2));
  |             
  |         }catch(Exception e)
  |         { 
  |             System.out.println("Incorrect password or username");
  |         }
  | 

Sorry it is difficult to explain.  I am sure I am not properly thinking.  What 
I want to know is that I can successfully execute my EJB since I logged in, but 
if another class was to excute the methods on the EJB, I get a principal=null 
error.  What I want to know is do I put the LoginContext variable in my session 
scope?  If I don't than do I have to login each time before I execute a call in 
the EJB. In a web application you log the user in once.  After that you would 
probably put something in the session scope to avoid them having to log in 
again and again.  Can someone suggest to me how they implemented such a 
methodology?

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3865953#3865953

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3865953


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to