Trouble obtaining JaaS login context from within EJB

Hello,

I'm currently developing an Enterprise application which comprises a servlet and EJB for Geronimo 2.1, and I have secured the EJB with a Security Realm configured to authenticate against a SQLLoginModule. I'm confident that this is authenticating correctly as I have done negative and positive testing.

I'm testing my EJB by connecting to it from a servlet as follows:

    CallbackHandler handler = new UserIdPasswordCallbackHandler(user, password);
    LoginContext ctx = new LoginContext("SecurityRealm", handler);
    ctx.login();

This succeeds when supplied the correct credentials and throws exceptions with invalid credentials.

I obtain a reference to the remote interface as follows:

    Properties prop = new Properties();
    prop.put(Context.INITIAL_CONTEXT_FACTORY, "org.apache.openejb.client.RemoteInitialContextFactory");
    prop.put("java.naming.provider.url", "ejbd://localhost:4201");
    Context context = new InitialContext(prop);

    Object o = context.lookup("SessionManagerBeanRemote");
    SessionManagerRemote remote = (SessionManagerRemote) o;

This works correctly as I am able to call my remote EJB methods!

Now, the piece I am missing is that I need to be able to obtain the current Subject that was authenticated, i.e. I need to know the identity of the user that has been authenticated to use this EJB and is invoking it. So if joe was authenticated to use the SessionManager, I need to be able to obtain joe's login name.

I believe if I was within a web container I'd be able to use the equivalent of HttpServletRequest.getUserPrincipal() ... Can someone point me to a reference, decently documented example or something that will tell me what API I need to use? I'm happy to do some reading but I've looked around quite a bit and I think I might be missing something... There doesn't seem to be a clear reference to this in the standard Geronimo documentation, only some light discussion for web containers.

Thanks in advance!
-Keith
Re: Trouble obtaining JaaS login context from within EJB

Wouldn't that be SessionContext.getCallerPrincipal() ?
Juergen
Re: Trouble obtaining JaaS login context from within EJB

Ah - yes, this looks like it probably would be what I need. Any idea what the Geronimo implementation for this would be?
Re: Trouble obtaining JaaS login context from within EJB

On Jun 19, 2009, at 6:44 AM, kistler wrote:

> Hello,
>
> I'm currently developing an Enterprise application which Comprises of a servlet and ejb for Geronimo 2.1 and I have secured the Ejb with a Security Realm configured to authenticate against a SQLLoginModule. I'm confident that this is authenticating correctly as I have done negative and positive testing.
>
> I'm testing my ejb my connecting to it from a servlet as follows:
>
>     CallbackHandler handler = new UserIdPasswordCallbackHandler(user, password);
>     LoginContext ctx = new LoginContext("SecurityRealm",handler);
>     ctx.login();
>
> This succeeds when supplied the correct credentials and throws exceptions with invalid credentials.

I assume this is a standalone test, not part of your application? Doing this will not tell Geronimo anything about the Subject you have created, and your ejb will not be secured from the servlet.

> I obtain a reference to the remote interface as follows:
>
>     Properties prop=new Properties();
>     prop.put(Context.INITIAL_CONTEXT_FACTORY, "org.apache.openejb.client.RemoteInitialContextFactory");
>     prop.put("java.naming.provider.url", "ejbd://localhost:4201");
>     Context context = new InitialContext(prop);
>
>     Object o = context.lookup("SessionManagerBeanRemote");
>     SessionManagerRemote remote = (SessionManagerRemote)o;
>
> This works correctly as I am able to call my remote ejb methods!

Yes, and there is no security in place. If you are calling from the servlet you did the test login from, the Subject info will not be propagated to the ejb container.

> Now - the piece I am missing is I need to be able to obtain the current Subject that was authenticated. ie - I need to know the identity of the user that has been authenticated to use this ejb and is invoking it. So if joe was authenticated to use the SessionManager - I need to be able to obtain joe's login name.

You probably want first to set up container managed security. Easiest is to use one of the built in authentication methods for the web app. If you don't like this, you should call one of the Geronimo ContextManager.login methods for your login and then:

    Callers oldCallers = ContextManager.setCallers(subject, subject);
    try {
        //do secured stuff like calling the ejb
    } finally {
        ContextManager.popCallers(oldCallers);
    }

Or if you are adventurous you can use (unreleased) Geronimo 2.2 + Jetty 7 with a JASPIC authentication module. At this point, Juergen's suggestion of using sessionContext.getCallerPrincipal() in the ejb will work.

thanks
david jencks

> I believe if I was within a web container I'd be able to use the equivalent of: HttpServletRequest.getUserPrincipal() ... Can someone point me to a reference, decently documented example or something that will tell me what API I need to use? I'm happy to do some reading but I've looked around quite a bit and I think I might be missing something... There doesn't seem to be a clear reference to this is the standard geronimo documentation - only some lite discussion for web containers.
>
> Thanks in advance!
> -Keith
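The sequence David describes, with both sides written out as an added example that is not from the thread, from Geronimo or from OpenEJB. It assumes the Geronimo 2.1 `ContextManager.login(String realm, CallbackHandler)` overload performs the login and returns the `LoginContext`, that Keith's `UserIdPasswordCallbackHandler` and `SecurityRealm` realm are available, and that `SessionManagerRemote` (only named in the thread) declares a single hypothetical `callerName()` method.

```java
import java.security.Principal;
import javax.annotation.Resource;
import javax.ejb.Remote;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.geronimo.security.Callers;
import org.apache.geronimo.security.ContextManager;

@Remote
interface SessionManagerRemote {   // hypothetical: the thread only names this interface
    String callerName();
}

// Servlet side. A plain JAAS LoginContext (Keith's test) never tells Geronimo about the
// Subject, so nothing reaches the EJB container; ContextManager.login plus setCallers/
// popCallers is what propagates it. Assumes the Geronimo 2.1 login(realm, handler) overload.
class SecuredEjbClient {
    String invokeAsUser(String user, String password, SessionManagerRemote remote)
            throws LoginException {
        CallbackHandler handler = new UserIdPasswordCallbackHandler(user, password);
        LoginContext lc = ContextManager.login("SecurityRealm", handler);
        Subject subject = lc.getSubject();
        // Restore the previous caller pair in finally so an exception never leaves the identity behind.
        Callers oldCallers = ContextManager.setCallers(subject, subject);
        try {
            return remote.callerName();   // secured call; caller identity propagates
        } finally {
            ContextManager.popCallers(oldCallers);
            lc.logout();                  // standard JAAS logout once the work is done
        }
    }
}

// EJB side: once container-managed security is in place, Juergen's suggestion works.
@Stateless
class SessionManagerBean implements SessionManagerRemote {
    @Resource
    private SessionContext sessionContext;
    public String callerName() {
        // Per the EJB spec this is never null: an unauthenticated caller yields a
        // container-specific default principal, so non-null does not mean "logged in".
        Principal caller = sessionContext.getCallerPrincipal();
        return caller.getName();
    }
}
```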