Hardcoded role for authentication related EJBs - Weblogic
-
Hardcoded role for authentication related EJBs
Hello,
In our application, the authentication providers' login module makes calls
to a remote server hosting EJBs in order to retrieve authentication
information stored in a database that is behind a firewall. All is fine, as
long as the session bean coordinating the retrieval of the authentication
information is not permission protected.
I tried to use the runAs() method in the Security class, but I just can't
seem to be able to make it work. All I get is the infamous Invalid Subject
error. All the subjects returned by the WebLogic APIs are read-only, so I
can't assign the required role to them. Is there any way I can pull this
off: an authenticator calls a role-protected EJB method on a different
server in a different domain? If yes, how?
Thanks,
Gabor
-
Re: Hardcoded role for authentication related EJBs
Hello,
I have found the solution in the meantime.
Gabor
-
Re: Hardcoded role for authentication related EJBs
Hello,
My solution to the aforementioned problem requires that I log on to the
server hosting the EJBs via a JAAS login context inside the authenticator
login module.
Where should I place my JAAS config file so it is visible to the
authentication providers' login module?
I tried to add it to the startWeblogic.cmd file
as -Djava.security.auth.login.config=..., but it does not seem to work. When
I try to log in to the login context, I get an error message saying there is
no login module configured for my login context, so it seems the JAAS config
file is not visible to the custom authenticators' login module. Is there any
way I can get this login context enclosed in a login module scenario to work?
When run in an external Java client, the solution works; I can log on to the
server fine.
Thanks,
Gabor
-
Re: Hardcoded role for authentication related EJBs
Gabor,
Can you please tell me where you finally ended up placing the jaas.config file
so that the LoginModules would work? I am having the same problem. Any help
you can provide will be greatly appreciated!
Thanks,
Sheryl
-
Re: Hardcoded role for authentication related EJBs
Dear Sheryl,
Nowhere. It just does not work like that. At least I was unable to get where
I wanted to be using the jaas.config solution.
Hint: UsernamePasswordLoginModule, the one from BEA. Create an instance(!)
of this class, and you can use it to log in to the server hosting the EJBs.
Hope this helps. It will not work on a single-domain setup, however.
Gabor
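The hint in the last reply, creating a login module instance and driving it directly so that no LoginContext (and therefore no jaas.config lookup) is involved, shown as an added example that is not code from the thread. StandInLoginModule, the user name and the secret are constructed placeholders standing in for BEA's UsernamePasswordLoginModule, whose setup is not shown on this page.

```java
import java.io.IOException;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;
public class DirectLoginModuleDemo {
    /** Hypothetical stand-in for a vendor LoginModule; accepts one constructed credential pair. */
    static class StandInLoginModule implements LoginModule {
        private Subject subject; private CallbackHandler handler; private String user;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s; handler = h;
        }
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] {nc, pc}); }
            catch (IOException | UnsupportedCallbackException e) { throw new LoginException(e.toString()); }
            boolean ok = "authsvc".equals(nc.getName())
                    && Arrays.equals("constructed-secret".toCharArray(), pc.getPassword());
            pc.clearPassword();                       // do not keep the secret in the callback
            if (!ok) throw new FailedLoginException("bad credentials");
            user = nc.getName();
            return true;
        }
        public boolean commit() { return subject.getPrincipals().add(new X500Principal("CN=" + user)); }
        public boolean abort()  { user = null; return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }
    /** Drives the module by hand: no LoginContext, so no JAAS config entry has to be found. */
    static Subject login(LoginModule module, String user, char[] password) throws LoginException {
        Subject subject = new Subject();
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        module.initialize(subject, handler, new HashMap<String, Object>(), new HashMap<String, Object>());
        try { if (module.login()) module.commit(); }  // same phase order a LoginContext follows
        catch (LoginException e) { module.abort(); throw e; }
        return subject;
    }
    public static void main(String[] args) throws LoginException {
        // Constructed sample credentials; prints the principals of the authenticated subject.
        System.out.println(login(new StandInLoginModule(), "authsvc", "constructed-secret".toCharArray()).getPrincipals());
    }
}
```

On the server, the Subject returned here is the kind of object that would be handed to the runAs() call mentioned in the first post.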