[jira] Commented: (SM-812) [patch] JAAS Login for Batch Processes

[Guillaume Nodet (JIRA)]

    [ 
https://issues.apache.org/activemq/browse/SM-812?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_37874
 ] 

Guillaume Nodet commented on SM-812:
------------------------------------

Cool :)

Just a question: did you handle the case where the EJB itself is secured in the 
J2EE server ? If so, how ?
I think this component only solves the case where the jsr181 endpoint is 
secured by servicemix, right ?

> [patch] JAAS Login for Batch Processes 
> ---------------------------------------
>
>                 Key: SM-812
>                 URL: https://issues.apache.org/activemq/browse/SM-812
>             Project: ServiceMix
>          Issue Type: New Feature
>          Components: servicemix-components
>            Reporter: Kristian Koehler
>         Attachments: patch.zip, patch.zip
>
>
> Hi
> the attached patch includes a PassThroughJAASLoginComponent which forwards a
> Message through the NMR and performs a JAAS login. The JAAS Subject is added 
> to
> the message properties ("javax.jbi.security.subject").
> This component can be used if you have a batch process which should call an 
> JAAS
> secured component (for example a EJB service called with JSR-181). The
> attached StaticValueCallbackHandler for example enables you to configure 
> static
> login information.
> Sample Config:
> --- 8< (start) ---
> ...
> <sm:activationSpec componentName="login" service="foo:login">
>  <sm:component>
>       <bean 
> class="org.apache.servicemix.components.security.PassThroughJAASLoginComponent">
>               <property name="loginContext" ref="loginContext" />
>       </bean>
>  </sm:component>
> </sm:activationSpec>
> ...
> <bean id="loginContext"
>       class="javax.security.auth.login.LoginContext">
>       <constructor-arg>
>               <value>servicemix-domain</value>
>       </constructor-arg>
>       <constructor-arg>
>               <ref local="callbackHandler" />
>       </constructor-arg>
> </bean>
> <bean id="callbackHandler"
>       
> class="org.apache.servicemix.components.security.StaticValueCallbackHandler">
>       <property name="name" value="first" />
>       <property name="password" value="secret" />
> </bean>
> ...
> --- 8< (end) ---
> After the PassThroughJAASLoginComponent is invoked and the login could be
> performed you can call JAAS secured endpoints.
> The patch includes test cases for the component.
> Kristian

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
https://issues.apache.org/activemq/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira