Spring Security is setting the token as a thread local variable, but in Camel it doesn't do the trick, as Camel is an async routing engine, which means the calling thread could be changed. I think we can set up a composite registry which can look up the beans from JNDI and the Spring application context at the same time.

On Wed Sep 14 15:39:26 2011, vhalitsyn wrote:
Hi,

I'm trying to set up a route which would send some of my data to the remote
EJB, e.g.:

   <from uri="file:data/inbox?noop=true"/>
   <policy ref="admin">
      <to uri="bean:TestReceiverService?method=myMethod"/>
   </policy>
   <log message="sent!!" loggingLevel="INFO"/>

I'm using spring context for configuration, but I can't stop getting the

org.apache.camel.RuntimeCamelException: javax.ejb.EJBAccessException:
Authentication failure

exception when invoking the bean's method. If I use the non-JAAS-protected
bean, everything works like a charm. One would suggest using the ejb
component instead of bean, but I would argue, as if I configure my Registry
to resolve names from the JBoss JNDI, I can't get normal Spring beans located
in my routes. So, as I understand, I'm forced to use Spring beans and wire
them to EJBs. I've done that in the following way:

   <jee:remote-slsb environment-ref="jndiProps" id="TestReceiverService"
                    jndi-name="ear-name/TestReceiverService/remote"
                    business-interface="services.TestReceiverServiceRemote"/>

I have the spring security configured using

   <spring-security:authentication-manager alias="authenticationManager">
      <spring-security:authentication-provider user-service-ref="userDetailsService"/>
   </spring-security:authentication-manager>

   <spring-security:user-service id="userDetailsService">
      <spring-security:user name="myUser" password="myPass"
                            authorities="ROLE_JBOSS_CLIENT_LOGIN"/>
   </spring-security:user-service>

   <authorizationPolicy id="admin" access="ROLE_JBOSS_CLIENT_LOGIN"
                        authenticationManager="authenticationManager"
                        accessDecisionManager="accessDecisionManager"
                        xmlns="http://camel.apache.org/schema/spring-security"/>

and JAAS configured using

   <bean id="jaasAuthenticationProvider"
         class="org.springframework.security.authentication.jaas.JaasAuthenticationProvider">
      <property name="loginConfig" value="jaas.conf"/>
      <property name="loginContextName" value="clientAuth"/>
      <property name="callbackHandlers">
         <list>
            <bean class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler"/>
            <bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler"/>
         </list>
      </property>
   </bean>

But this does not work for authentication, even if I set the Authenticated
user both with the Exchange and Spring like:

   Collection<GrantedAuthority> authorities = new LinkedList<GrantedAuthority>();
   authorities.add(new GrantedAuthorityImpl("ROLE_JBOSS_CLIENT_LOGIN"));
   UsernamePasswordAuthenticationToken authToken =
         new UsernamePasswordAuthenticationToken("myUser", "myPass", authorities);

   // wrap it in a Subject
   Subject subject = new Subject();
   subject.getPrincipals().add(authToken);

   // place the Subject in the In message
   exchange.getIn().setHeader(Exchange.AUTHENTICATION, subject);
   SecurityContextHolder.getContext().setAuthentication(authToken);

The only thing that (obviously) helps is manually doing the

   LoginContext ctx = new LoginContext("clientAuth",
         new UsernamePasswordHandler("myUser", "myPass"));
   ctx.login();

in the route.

*So my question is whether there is a way to tell camel to authenticate a
given user automatically when the request to the JAAS protected resource is
issued, without adding the manual ClientLogin code. Or am I looking in the
wrong direction?*
The workaround I have now (adding a processor which would do the ctx.login())
works, but I'm really concerned about the correctness of this approach.


--
View this message in context: 
http://camel.465427.n5.nabble.com/Can-t-get-JAAS-working-for-EJB-3-0-on-JBoss-while-routing-tp4801889p4801889.html
Sent from the Camel - Users mailing list archive at Nabble.com.




--
Willem
----------------------------------
FuseSource
Web: http://www.fusesource.com
Blog:    http://willemjiang.blogspot.com (English)
        http://jnn.javaeye.com (Chinese)
Twitter: willemjiang Weibo: willemjiang
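
Added example (not from the thread, and not Camel or Spring Security code): the thread-local effect described in the reply, reduced to plain JDK code. `AUTH` and `callProtectedBean` are hypothetical stand-ins for Spring Security's thread-bound context and the protected bean call, and the single-thread executor stands in for an asynchronous hand-off to another thread.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class ThreadLocalAuthDemo {
    // Hypothetical stand-in for a thread-bound security context (simplified to a user name).
    static final ThreadLocal<String> AUTH = new ThreadLocal<>();

    // Hypothetical protected call: it sees only the identity bound to the thread that executes it.
    static String callProtectedBean() {
        String user = AUTH.get();
        return user == null ? "Authentication failure" : "called as " + user;
    }

    // Capture the identity on the submitting thread, bind it on the worker, restore the worker afterwards.
    static <T> Callable<T> withCallerAuth(Callable<T> task) {
        final String captured = AUTH.get();
        return () -> {
            String previous = AUTH.get();
            AUTH.set(captured);
            try {
                return task.call();
            } finally {
                // A pooled thread must not keep the caller's identity for the next task.
                if (previous == null) AUTH.remove(); else AUTH.set(previous);
            }
        };
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor();
        Callable<String> call = ThreadLocalAuthDemo::callProtectedBean;
        try {
            AUTH.set("myUser"); // constructed sample identity, bound on the calling thread only
            System.out.println("same thread:  " + call.call());
            System.out.println("other thread: " + pool.submit(call).get());
            System.out.println("propagated:   " + pool.submit(withCallerAuth(call)).get());
            System.out.println("after task:   " + pool.submit(call).get());
        } finally {
            AUTH.remove();
            pool.shutdown();
        }
    }
}
```

The `finally` block in `withCallerAuth` is the part that matters for safety: without it, a later task on the same pooled thread would run under the earlier caller's identity.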
