Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / JavaBeans / November 2003

Tip: Looking for answers? Try searching our database.

JBoss 3.2.2 security

Thread view: 
Enable EMail AlertsStart New Thread
krasm@krasy.zagiel.com.pl - 20 Nov 2003 10:14 GMT
Hello,

I'm developing EJB based system on JBoss. The system consists of
two parts: the set of EJB's, mainly Entity Beans which are interfaces
to DB and servlet which is used as user interface. As the interface to
entity beans i'm using statefull session bean. Every call from servlet
have to pass throught it.
To authenticate users I'm using DatabaseServerLoginModule. Users are
able to login, but then they try again to execute eny method from
session bean the server throws exception
Authentication exception, principal=null
What am i doing wrong ?? Should I store the users principal or
it is stored in session context ?

Cheers,
Signature

Marcin Krasowski     mkrasowski (at) zagiel (dot) com (dot) pl

                      To iterate is human, to recurse divine.
                                             L. Peter Deutsch

Reply to this Message
Data - 20 Nov 2003 12:15 GMT
> Hello,
>
[quoted text clipped - 11 lines]
>
> Cheers,

to propagate the principal from the authenticated servlet to the ejb
conteiner you have do protect your servlet adding in web.xml some security
constraints, somethig like this:
....
<security-constraint>
   <display-name>Protected area</display-name>
   <web-resource-collection>
     <web-resource-name>My protected servlet</web-resource-name>
     <url-pattern>URL/OF/MY/SERVLET</url-pattern>
<!-- If you list httpmethods, only those methods are protected -->
     <http-method>DELETE</http-method>
     <http-method>GET</http-method>
     <http-method>POST</http-method>
     <http-method>PUT</http-method>
   </web-resource-collection>
   <auth-constraint>
     <!-- Anyone with one of the listed roles may access this area -->
     <role-name>MyGrantedRole</role-name>
   </auth-constraint>
</security-constraint>

Cheers
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.