Hardcoded role for authentication related EJBs - Weblogic


  1. Hardcoded role for authentication related EJBs

    Hello,

    In our application, the authentication providers' login module makes calls
    to a remote server hosting EJBs in order to retrieve authentication
    information stored in a database that is behind a firewall. All is fine, as
    long as the session bean coordinating the retrieval of the authentication
    information is not permission protected.

    I tried to use the runAs() method in the Security class, but I just can't
    seem to be able to make it work. All I get is the infamous Invalid Subject
    error. All the subjects returned by the WebLogic APIs are read-only, so I
    can't assign the required role to them. Is there any way I can pull this
    off: an authenticator calls a role protected EJB method on a different
    server in a different domain? If yes, how?

    Thanks,

    Gabor



  2. Re: Hardcoded role for authentication related EJBs

    Hello,

    I have found the solution in the meantime.

    Gabor





  3. Re: Hardcoded role for authentication related EJBs

    Hello,

    My solution to the aforementioned problem requires that I log on to the
    server hosting the EJBs via a JAAS login context inside the authenticator
    login module.
    Where should I place my JAAS config file so it is visible to the
    authentication provider's login module?
    I tried to add it to the startWeblogic.cmd file
    as -Djava.security.auth.login.config=..., but it does not seem to work. When
    I try to login to the login context, I get an error message saying there is
    no login module configured for my login context, so it seems the JAAS config
    file is not visible to the custom authenticator's login module. Is there any
    way I can get this login context enclosed in a login module scenario to work?

    When run in an external Java client, the solution works, I can log on to the
    server fine.

    Thanks,

    Gabor





  4. Re: Hardcoded role for authentication related EJBs


    Gabor,

    Can you please tell me where you finally ended up placing the jaas.config file
    so that the LoginModules would work? I am having the same problem. Any help
    you can provide will be greatly appreciated!

    Thanks,

    Sheryl





  5. Re: Hardcoded role for authentication related EJBs

    Dear Sheryl,

    Nowhere. It just does not work like that. At least I was unable to get where
    I wanted to be using the jaas.config solution.

    Hint: UsernamePasswordLoginModule, the one from BEA. Create an instance(!)
    of this class, and you can use it to log in to the server hosting the EJBs.
    Hope this helps. It will not work on a single domain setup, however.

    Gabor

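What the hint in the last post amounts to, as an added example that is not code from the thread: the login module is instantiated and driven through initialize/login/commit by hand, so no JAAS configuration entry is ever looked up. The class name `RemoteDomainLogin`, its parameters and the empty options map are assumptions; it needs the WebLogic client classes on the classpath.

```java
import java.security.PrivilegedAction;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import weblogic.security.Security;
import weblogic.security.auth.callback.URLCallback;
import weblogic.security.auth.login.UsernamePasswordLoginModule;

// Hypothetical helper class, named here for illustration only.
public final class RemoteDomainLogin {

    /** Authenticates against the remote server without consulting a JAAS config file. */
    public static Subject login(final String url, final String user, final char[] password)
            throws LoginException {
        // Answers the three callbacks the module asks for: server URL, name, password.
        CallbackHandler handler = new CallbackHandler() {
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof URLCallback) {
                        ((URLCallback) cb).setURL(url);
                    } else if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(user);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password);
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
        Subject subject = new Subject();   // a fresh Subject is not read-only
        LoginModule module = new UsernamePasswordLoginModule();
        // Same lifecycle a LoginContext would drive; options map is empty (assumption).
        module.initialize(subject, handler, new HashMap<String, Object>(), new HashMap<String, Object>());
        if (!module.login() || !module.commit()) {
            module.abort();
            throw new LoginException("login to " + url + " did not succeed");
        }
        return subject;
    }

    /** Runs the role-protected EJB call with the remote identity attached. */
    public static Object callAs(Subject subject, PrivilegedAction<?> action) {
        return Security.runAs(subject, action);
    }
}
```

The credentials passed to `login` belong to an account in the remote domain that holds the role the EJB method requires; supplying them from the provider's own configuration keeps them out of the code.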



