Local lookup with user authentication
fernando.rubbo Jul 6, 2012 5:11 PM
Hi,
I'm migrating our ERP from JBoss 4.2 to JBoss 7.1.1. However, I got blocked trying to look up a local interface of an EJB.
Let me explain with the attachment. In LookupTest.zip I have 3 Eclipse projects:
- LookupTestEJB
  - com.test.ejb.Calculator - the local interface
  - com.test.ejb.CalculatorBean - the stateless EJB
        @Local(Calculator.class)
        @Stateless
        @SecurityDomain("test")
        public class CalculatorBean implements Calculator {
        ....
  - com.test.security.TestLoginModule - a very simple UsernamePasswordLoginModule
- LookupTestWAR
  - index.jsp - with the code of the lookup in it
        try
        {
            Hashtable<Object, Object> env = new Hashtable<Object, Object>();
            env.put(Context.SECURITY_PRINCIPAL, "Micke");
            env.put(Context.SECURITY_CREDENTIALS, "123");
            // ??????? WHAT SHOULD I PUT HERE ????????
            InitialContext context = new InitialContext(env);
            Calculator c = (Calculator)context.lookup("java:app/LookupTestEJB/CalculatorBean!com.test.ejb.Calculator");
            out.println("<p>class: " + c);
            out.println("<p>principal: " + c.getCallerName());
            out.println("<p>add(10,34): " + c.add(10, 34));
        }
        catch(NamingException e)
        {
            e.printStackTrace();
        }
- LookupTestEJBEAR
  - just to pack the above projects into an ear
Besides this, I've attached the standalone.xml configuration, which is the original one with the following difference.
    <subsystem xmlns="urn:jboss:domain:security:1.2">
        <security-domains>
            <security-domain name="test" cache-type="default">
                <authentication>
                    <login-module code="com.test.security.TestLoginModule" flag="requisite"/>
                </authentication>
            </security-domain>
            ....
So, let's go back to the issue.
If you look at the code you will see I'm trying to look up a local interface. So, I can NOT replace the red mark above with the following lines:
    env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
    env.put(Context.PROVIDER_URL, "remote:/localhost:4447");
    env.put("jboss.naming.client.ejb.context", true);
However, I would like to get logged into the EJB container with the user 'Micke' because I'm using the method ctx.getCallerPrincipal() in my EJB CalculatorBean. Note that without the login it will always return 'anonymous'. So the behaviour will be different between a remote client and a local client.
It is important to say that in JBoss 4.2 this works as expected using the lines below. However, I know JBoss 7 does not support this solution anymore.
    env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
    env.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
So, THE QUESTION IS:
What should I do to have the same behaviour in remote and local clients?
Or, being more specific: what should I do to get 'Micke' authenticated into the container even when it uses a local interface?
Or what should I put in the red mark above?
Thanks in advance,
Fernando Rubbo
- standalone.xml 15.1 KB
- LookupTest.zip 16.9 KB