Using certificate authentication and @RolesAllowed


Using certificate authentication and @RolesAllowed

by glassfish-2


Hi,

I have the following problem:
to provide a WebService I've annotated an EJB with @WebService, and I also want to use the annotation @RolesAllowed (at the latest, on EJBs which are called by this WebService). Until now I've used authentication by username/password, using my own realm and my own LoginModule, extending the AppservPasswordLoginModule. Within this LoginModule, the user is mapped to some roles read from the database. So far, everything is fine.

But now I want to use authentication via X509 certificates. And here I also want to add some roles to the user, to pass the @RolesAllowed annotation.

* Without defining anything (only using Server/ClientProvider in MessageSecurityConfiguration for SOAP in glassfish) the certificate was validated correctly and the WebserviceContext contains this certificate. But I need a possibility to add some roles.

* My idea was to use the CertificateRealm and write my own LoginModule for it.
** I tried to use the CertificateRealm, but I didn't get it working. In my sun-ejb-jar.xml I've defined:
    <ejb>
      <ejb-name>WsAccessBean</ejb-name>
      <webservice-endpoint>
        <port-component-name>WsAccessBean</port-component-name>
        <login-config>
          <auth-method>CLIENT-CERT</auth-method>
          <realm>certificate</realm>
        </login-config>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </webservice-endpoint>
    </ejb>

But I got the error "Invalid request scheme for Endpoint WsAccessFacadeBean. Expected https . Received http" in the server.log. I'm calling the WebService with soapUI, so perhaps there's something wrong with my client-side configuration. Is this the correct usage of the certificate realm?

** (How) Is it possible to write my own LoginModule for the CertificateRealm? I didn't find a class to be extended for that case (analogous to the AppservPasswordLoginModule).

* Is there another way I didn't see here to realize authentication with certificates adding roles to the user?

Thanks for help.
[Message sent by forum member 'freddydaking' (weishaeupl@...)]

http://forums.java.net/jive/thread.jspa?messageID=370353

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@...
For additional commands, e-mail: users-help@...


Re: Using certificate authentication and @RolesAllowed

by glassfish-2


This is not exactly the answer to your question, but it is certainly related, and it may help you to get started with the certificate realm: http://www.nogid.org/Belgian-identity-card-Glassfish-beid-eid . If I remember well, in GF 2.1, you can only make one role correspond to the users logged in via a specific certificate. (And as you point out, you will probably have to write a loginmodule to have multiple roles.) I use some code in my application to look up the remoteUser (which is the CN in the user certificate) in a database, and then determine his/her permissions.

Hope this helps somewhat?
[Message sent by forum member 'grombouts' ]

http://forums.java.net/jive/thread.jspa?messageID=373569

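The approach grombouts describes (take the CN from the caller's X.509 certificate, look it up, and decide permissions in application code) is shown below as an added example; it is not code from either poster or from GlassFish. It assumes a JAX-WS endpoint EJB deployed behind CLIENT-CERT so that the servlet container exposes the validated chain under the standard "javax.servlet.request.X509Certificate" request attribute; the bean name WsAccessBean, the method getSecret, and the in-memory ROLES_BY_CN map standing in for the database are constructed for the example. Because the container's @RolesAllowed check only sees roles that a realm or LoginModule assigned, this code does the role check itself and denies with EJBAccessException, which is the failure mode a caller without a certificate or without the role should hit.

```java
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.annotation.Resource;
import javax.ejb.EJBAccessException;
import javax.ejb.Stateless;
import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServletRequest;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;

@Stateless
@WebService
public class WsAccessBean {

    @Resource
    private WebServiceContext wsContext;

    // Constructed stand-in for the database lookup of CN -> roles.
    // A real deployment would query the same roles table the password LoginModule reads.
    private static final Map<String, Set<String>> ROLES_BY_CN = new HashMap<String, Set<String>>();
    static {
        ROLES_BY_CN.put("alice", Collections.singleton("admin"));
        ROLES_BY_CN.put("bob", Collections.singleton("reader"));
    }

    @WebMethod
    public String getSecret() {
        // Application-level equivalent of @RolesAllowed("admin") for certificate callers.
        requireRole("admin");
        return "secret";
    }

    // Deny unless the presented client certificate maps to a CN that holds the role.
    private void requireRole(String role) {
        X509Certificate cert = clientCertificate();
        if (cert == null) {
            throw new EJBAccessException("no client certificate presented");
        }
        String cn = commonName(cert);
        Set<String> roles = ROLES_BY_CN.get(cn);
        if (cn == null || roles == null || !roles.contains(role)) {
            throw new EJBAccessException("caller " + cn + " lacks role " + role);
        }
    }

    // The servlet container stores the validated chain (leaf first) under this attribute
    // after a successful CLIENT-CERT handshake; it is absent for plain HTTP callers.
    private X509Certificate clientCertificate() {
        MessageContext mc = wsContext.getMessageContext();
        HttpServletRequest req = (HttpServletRequest) mc.get(MessageContext.SERVLET_REQUEST);
        X509Certificate[] chain =
                (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
        return (chain == null || chain.length == 0) ? null : chain[0];
    }

    // Parse the subject DN with LdapName rather than string-splitting so escaped commas
    // in other RDNs cannot shift which value is taken as the CN. Returns null if no CN.
    static String commonName(X509Certificate cert) {
        try {
            LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
            for (Rdn rdn : dn.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return rdn.getValue().toString();
                }
            }
            return null;
        } catch (InvalidNameException e) {
            return null;
        }
    }
}
```

Only the leaf certificate's CN is used for the lookup, and only after the container has already validated the chain against the trust store, so the code never trusts a DN it parsed out of an unverified certificate. Keying the lookup on CN alone is what the reply describes; if two trusted CAs could issue certificates with the same CN, keying on issuer plus subject (or the full DN) avoids one caller inheriting another's roles.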