Version 8

    The org.jboss.security.jndi.LoginInitialContextFactory

    Historically, JBoss has not supported providing login information via the InitialContext factory environment, because JAAS provides a much more flexible framework. For simplicity, and to ease migration from other application server environments that do make use of this mechanism, since jboss-3.0.3 there has been an InitialContext factory implementation that allows this. JAAS is still used under the covers in the implementation, but there is no manifest use of the JAAS interfaces in the client application.

     

    The factory class that provides this capability is org.jboss.security.jndi.LoginInitialContextFactory. The complete set of supported InitialContext environment properties for this factory is:

     

    • java.naming.factory.initial (or Context.INITIAL_CONTEXT_FACTORY): The name of the environment property for specifying the initial context factory, which must be org.jboss.security.jndi.LoginInitialContextFactory.

    • java.naming.provider.url (or Context.PROVIDER_URL): This must be set to a NamingContextFactory provider URL. The LoginInitialContextFactory is really just a wrapper around the NamingContextFactory that adds a JAAS login to the existing NamingContextFactory behavior.

    • java.naming.factory.url.pkgs (or Context.URL_PKG_PREFIXES): For all JBoss JNDI providers this must be org.jboss.naming:org.jnp.interfaces. This property is essential for locating the jnp: and java: URL context factories of the JBoss JNDI provider.

    • java.naming.security.principal (or Context.SECURITY_PRINCIPAL): The principal to authenticate. This may be either a java.security.Principal implementation or a string representing the name of a principal.

    • java.naming.security.credentials (or Context.SECURITY_CREDENTIALS): The credentials that should be used to authenticate the principal, e.g., password, session key, etc.

    • java.naming.security.protocol (or Context.SECURITY_PROTOCOL): This gives the name of the JAAS login module configuration to use for the authentication of the principal and credentials (e.g., "other" for a security-domain value of "java:/jaas/other").

     

    The following example illustrates the use of the LoginInitialContextFactory using the client-login name for the Context.SECURITY_PROTOCOL. This is what would typically be used from a client, as it maps to the predefined client-login conf/login-config.xml entry in the JBoss server:

     

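          import java.util.Properties;
          import javax.naming.Context;
          import javax.naming.InitialContext;

          Properties env = new Properties();
          // Try with a login that should succeed
          env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.LoginInitialContextFactory");
          env.setProperty(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
          env.setProperty(Context.PROVIDER_URL, "jnp://localhost:1099/");
          env.setProperty(Context.SECURITY_CREDENTIALS, "theduke");
          env.setProperty(Context.SECURITY_PRINCIPAL, "jduke");
          env.setProperty(Context.SECURITY_PROTOCOL, "testLoginInitialContext");
          // The JAAS login is performed while the initial context is created
          InitialContext ctx = new InitialContext(env);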
    

     

    Note: When the client tries to download the naming proxy, a JAAS login is performed using the login configuration named by Context.SECURITY_PROTOCOL, with the user name and credentials taken from the context environment. The naming proxy is returned only after the login succeeds.
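
    A complete client around this environment, as an added example that is not code from the original page or from JBoss: it takes the login configuration name as its argument, reads the credentials from the hypothetical environment variables JNDI_USER and JNDI_PASSWORD instead of hardcoding them, and distinguishes a rejected login from other naming failures. Treating javax.naming.AuthenticationException as the rejected-login signal is an assumption about how the factory reports a failed JAAS login; the class name and the provider URL are placeholders, and the JBoss client jars must be on the classpath.

```java
import java.util.Properties;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

public class LoginInitialContextClient {

    // Builds the JNDI environment from the properties listed on this page.
    static Properties buildEnv(String url, String loginConfig, String user, String password) {
        Properties env = new Properties();
        env.setProperty(Context.INITIAL_CONTEXT_FACTORY,
                "org.jboss.security.jndi.LoginInitialContextFactory");
        env.setProperty(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
        env.setProperty(Context.PROVIDER_URL, url);
        env.setProperty(Context.SECURITY_PROTOCOL, loginConfig);
        env.setProperty(Context.SECURITY_PRINCIPAL, user);
        env.setProperty(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    // Returns "OK", "LOGIN_REJECTED" or "NAMING_ERROR"; the password is never printed.
    static String tryLogin(Properties env) {
        Context ctx = null;
        try {
            ctx = new InitialContext(env); // the factory runs the JAAS login here
            return "OK";
        } catch (AuthenticationException e) { // assumed signal for a failed login
            return "LOGIN_REJECTED";
        } catch (NamingException e) { // e.g. server unreachable, factory class missing
            System.err.println("JNDI failure: " + e);
            return "NAMING_ERROR";
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
        }
    }

    public static void main(String[] args) {
        String user = System.getenv("JNDI_USER");         // hypothetical variable names
        String password = System.getenv("JNDI_PASSWORD");
        if (args.length != 1 || user == null || password == null) {
            System.err.println("usage: set JNDI_USER and JNDI_PASSWORD, then run: "
                    + "java LoginInitialContextClient <login-config>");
            System.exit(2);
        }
        Properties env = buildEnv("jnp://localhost:1099/", args[0], user, password);
        System.out.println(user + ": " + tryLogin(env));
    }
}
```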

     

    For server-side security for the naming service, if needed, see http://wiki.jboss.org/wiki/Wiki.jsp?page=XMBeansforSecurity

     

    If you're trying to utilize EJB authorization on remote clients, then you might want to use org.jboss.security.jndi.JndiLoginInitialContextFactory.