Unsecured Remote Access to ProfileService

The ProfileService beans deployed in the AS deploy/profileservice-jboss-beans.xml binds proxies for the key ProfileService APIs into JNDI for remote access. The entry point is bound by the ProfileServiceProxyFactory bean under the jndiName property setting. The default value for this property is ProfileService. The prototypical code for obtaining the ProfileService proxy is:

import org.jboss.profileservice.spi.ProfileService;

InitialContext ic = new InitialContext()
ProfileService ps = (ProfileService) ic.lookup("ProfileService");

Remote access to the ManagementView and DeploymentManager are obtained by using the following ProfileService proxy accessors:

• ManagementView getViewManager();
• DeploymentManager getDeploymentManager();
  

Secured Remote Access to ProfileService

For secured access the AS deploy/profileservice-secured.jar deploys EJB3 beans that implement the key ProfileService APIs as business interfaces, and introduce security requirements. The remote interfaces are available under:

• ProfileService - "SecureProfileService/remote"
• ManagementView - "SecureManagementView/remote"
• DeploymentManager - "SecureDeploymentManager/remote"

Prototypical code for accessing the remote interfaces is:

import org.jboss.deployers.spi.management.deploy.DeploymentManager
import org.jboss.deployers.spi.management.ManagementView;

import org.jboss.profileservice.spi.ProfileService;

   protected ProfileService getProfileService()
      throws Exception
   {
      InitialContext ctx = super.getInitialContext();
      ProfileService ps = (ProfileService) ctx.lookup("SecureProfileService/remote");
      return ps;
   }
   protected ManagementView getManagementView()
      throws Exception
   {
      InitialContext ctx = super.getInitialContext();
      ManagementView mgtView = (ManagementView) ctx.lookup("SecureManagementView/remote");
      return mgtView;
   }
   protected DeploymentManager getDeploymentManager()

      throws Exception

   {

      InitialContext ctx = super.getInitialContext();

      DeploymentManager deployMgr = (DeploymentManager) ctx.lookup("SecureDeploymentManager/remote");

      return deployMgr;

   }

The ManagementView is configured to use a @SecurityDomain(value="profileservice", unauthenticatedPrincipal="nobody") with @RolesAllowed({"Administrator"}). Access to the EJBs therefore requires setup of the profileservice security domain to contain users that have been assigned the role of Administrator. For instructions on setting up a new security domain, see http://www.jboss.org/community/wiki/CreateASimpleSecurityDomainForJBossSX.

Secure Only Access

To only provide secure access one would have to change the jndiName of the ProfileServiceProxyFactory bean to use a server local binding like "java:ProfileService" and then update the EJB3 deployment @Resource injection mappedName to "java:ProfileService" on the SecureManagementView EJB.

Specifying the User Information

There are many different ways to provide the security information of the user accessing the EJBs. One commen approach is to include them in the IntialContextFactory properties using the JndiLoginInitialContextFactory. For example:

    private static final String INITIAL_CONTEXT_FACTORY = "org.jboss.security.jndi.JndiLoginInitialContextFactory";
    private Properties createInitialContextEnvironment(String jndiUrl, String principal, char[] credentials)
    {
        Properties env = new Properties();
        env.setProperty(Context.INITIAL_CONTEXT_FACTORY, INITIAL_CONTEXT_FACTORY);
        env.setProperty(Context.PROVIDER_URL, jndiUrl);
        env.setProperty(Context.SECURITY_PRINCIPAL, principal);
        env.setProperty(Context.SECURITY_CREDENTIALS, credentials);
        return env;
    } 

For more information on the various InitialContexts that are available, see http://www.jboss.org/community/wiki/JBossNS.