 | Mailing List | | Home | | Forum Home | | JBoss - Java Application Server | | Tomcat - JSP/Servlet container | | Struts - A MVC web framework | | iText - An open source PDF Java Library | | JDOM - JDOM XML Parser | | J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition | | JSP - A mailing list about Java Server Pages specification and reference | | J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog | | Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology | |
Struts & Hibernate
|
|
|
| | | - Re: EJB Client and Digest Auth using same | - Re: EJB Client and Digest Auth using same 2007-06-11 - By joff
Back
I've solved the problem myself, here it is in case someone else has a similar
issue:
1) You can have multiple 'login-module' elements per 'authentication' element
in login-config.xml, which you can set to 'optional', so that if one fails, the
other one will be tried, and the entire authentication won't fail.
2) In order for my EJB client (running inside the container) to authenticate
itself with the container (using the Properties as above) then you also need
the ClientLoginModule to be present in the config for the security domain
New, improved login-config.xml follows:
<application-policy name="MyDomain">
| <authentication>
|
| <!-- Module for doing DIGEST authentication from the web tier -->
| <login-module code = "org.jboss.security.auth.spi
.DatabaseServerLoginModule" flag = "optional">
| <module-option name = "dsJndiName">java:/myDS</module-option>
| <module-option name = "principalsQuery">SELECT password_hash FROM
auth WHERE user_id=?</module-option>
| <module-option name = "rolesQuery">SELECT role AS Role,"Roles" AS
RoleGroup FROM role WHERE user_id=?</module-option>
| <module-option name = "hashAlgorithm">MD5</module-option>
| <module-option name = "hashEncoding">rfc2617</module-option>
| <module-option name = "hashUserPassword">false</module-option>
| <module-option name = "hashStorePassword">true</module-option>
| <module-option name = "passwordIsA1Hash">true</module-option>
| <module-option name = "storeDigestCallback">org.jboss.security
.auth.spi.RFC2617Digest</module-option>
| </login-module>
|
| <!-- Module for doing authentication from within the application,
already have the hashed password -->
| <login-module code = "org.jboss.security.auth.spi
.DatabaseServerLoginModule" flag = "optional">
| <module-option name = "dsJndiName">java:/myDS</module-option>
| <module-option name = "principalsQuery">SELECT password_hash FROM
auth WHERE user_id=?</module-option>
| <module-option name = "rolesQuery">SELECT role AS Role,"Roles" AS
RoleGroup FROM role WHERE user_id=?</module-option>
| </login-module>
|
| <!-- Client Login module so that the security context can be set
for invoking EJBs -->
| <login-module code = "org.jboss.security.ClientLoginModule  " flag =
"required">
| <module-option name="restore-login-identity">true</module-option>
| </login-module>
|
| </authentication>
| </application-policy>
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic
&p=4052975#4052975
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode
=reply&p=4052975
__ ____ ____ ____ ____ ____ ____ ____ ____ ____
jboss-user mailing list
jboss-user@(protected)
https://lists.jboss.org/mailman/listinfo/jboss-user
|
|
|
