[JBoss-user] [Security & JAAS/JBoss] - Re: newbie: JAAS howto using EJB3

Tue, 15 Nov 2005 01:21:04 -0800 

Your session bean:
@SecurityDomain("mydomain")
@Stateless
@Remote({ITestBean.class})
public class TestBean implements ITestBean {
    @RolesAllowed("myrole")
    public String accessPermitted() {
       return sc.getCallerPrincipal().getName();
    }
}

Define the security domain in conf/login-config.xml:
    <application-policy name = "mydomain">
       
          <login-module code = 
"org.jboss.security.auth.spi.DatabaseServerLoginModule"
             flag = "required">
             <module-option name = 
"unauthenticatedIdentity">guest</module-option>
             <module-option name = "dsJndiName">java:/myDS</module-option>
             <module-option name = "principalsQuery">SELECT PASSWD FROM USERS 
WHERE USERID=?</module-option>
             <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM 
ROLES WHERE USERID=?</module-option>
          </login-module>
       
    </application-policy>


>From a client (outside JBoss):
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        URL authconf = cl.getResource("jaas.conf");
        // work around a JDK bug that fails to unescape the URL
        String p = URLDecoder.decode(authconf.toExternalForm(), "UTF-8");
        System.setProperty("java.security.auth.login.config", p);        

        CallbackHandler handler = ....; // your JAAS callback handler
        LoginContext auth = new LoginContext("other", handler);
        auth.login();

        // make calls to session beans
        Context jndi = new InitialContext();
        ITestBean bean = (ITestBean) jndi.lookup(ITestBean.class.getName());
        log.debug(bean.accessPermitted());
        auth.logout();


jaas.conf is something like this:
other {
   org.jboss.security.ClientLoginModule  required;
};
 

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3907174#3907174

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3907174


-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.  Get Certified Today
Register for a JBoss Training Course.  Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to