PicketBox EJB Authentication on Wicket UI
<p>I am using EJBs (on JBoss) and Wicket as the UI layer. I added security to my EJB, my security.conf looks like this:</p>
<pre><code>&lt;application-policy name="my-security-domain"&gt;
  &lt;authentication&gt;
    &lt;login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"&gt;
      &lt;module-option name="usersProperties"&gt;META-INF/users.properties&lt;/module-option&gt;
      &lt;module-option name="rolesProperties"&gt;META-INF/roles.properties&lt;/module-option&gt;
    &lt;/login-module&gt;
  &lt;/authentication&gt;
&lt;/application-policy&gt;
</code></pre>
<p>In the UI layer, I use PicketBox to authenticate as instructed in the PicketBox Authentication page: <a href="http://community.jboss.org/wiki/PicketBoxAuthentication#PicketBox_Authentication_in_a_JBoss_Application_Server_5_environment" rel="nofollow">http://community.jboss.org/wiki/PicketBoxAuthentication#PicketBox_Authentication_in_a_JBoss_Application_Server_5_environment</a></p>
<p>My Wicket AuthenticatedWebSession sub-class looks like this:</p>
<pre><code>private Subject subject;
private SecurityContext securityContext;

@Override
public boolean authenticate(String username, String password) {
    boolean authenticated = false;
    securityContext = null;
    SecurityFactory.prepare();
    try {
        String securityDomainName = "my-security-domain";
        String configFile = "META-INF/security.conf";
        PicketBoxConfiguration idtrustConfig = new PicketBoxConfiguration();
        idtrustConfig.load(configFile);

        // Note: This is the most important line where you establish a security context
        securityContext = SecurityFactory.establishSecurityContext(securityDomainName);
        AuthenticationManager am = securityContext.getAuthenticationManager();

        subject = new Subject();
        Principal principal = new SimplePrincipal(username);
        Object credential = new String(password);

        authenticated = am.isValid(principal, credential, subject);
        securityContext.getUtil().createSubjectInfo(principal, credential, subject);

        // You may make call outs to other components here

        // DEBUG
        for (Principal p : subject.getPrincipals()) {
            LOGGER.debug("Principal: " + p.getName());
            if (p instanceof Group) {
                Group g = (Group) p;
                Enumeration&lt;? extends Principal&gt; members = g.members();
                while (members.hasMoreElements()) {
                    Principal member = members.nextElement();
                    LOGGER.debug("Group name: " + member.getName());
                }
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
    return authenticated;
}
</code></pre>
<p>So far so good, I can authenticate with the server from the UI. However, any subsequent calls to the secure EJBs from elsewhere in the UI layer will fail with "Invalid User" although I have already authenticated.</p>
<p>I have tested the authentication in a standalone client and it works fine, I can invoke a secure EJB afterwards.</p>
<p>I have also tried the authentication outlined by this post, and the UI still cannot invoke secure EJBs: <a href="http://iocanel.blogspot.com/2010/09/karafs-jaas-modules-in-action.html" rel="nofollow">http://iocanel.blogspot.com/2010/09/karafs-jaas-modules-in-action.html</a></p>
<p>Any help would be greatly appreciated.</p>
<p>Kind regards,</p>
<p>Linh</p>
 
