I am happy to report that my "quick & dirty" implementation of the custom JBoss
client login module and doAs() works like a charm. My implementation is based
on the JBoss source code and comprises of mainly two classes:
MyClientLoginModule and MySecurityAssociation. MyClientLoginModule is the new
client login module that replaces the original ClientLoginModule in the JAAS
configuration. MySecurityAssociation complements the original
SecurityAssociation class with the new doAs() implementation.
- I tried to create the cache for cridentials in the new login module, but it
didn't work when the doAs() was called in the server side. Our server seems to
login only once and reuse the same subject over and over again. However, in
some of the server threads, the cridential cache doesn't get copied; copying of
the cridential cache is supposed to work only in the child threads, but some of
our threads may not be a direct child, but independent. Anyway, I ended up
caching the cridential in the subject itself. This is somewhat risky when the
cridential is a clear text password.
- The JBoss doAs() simply calls the JBoss pushSubjectContext with the criential
before the Subject.doAs() call and it calls the JBoss popSubjectContext
afterwards.
This should be something that RedHat/JBoss could easily implement. I am not
sure why it should be done by the user.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3994322#3994322
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3994322
___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
