• Post Reply Bookmark Topic Watch Topic
  • New Topic

EJB Declarative Method Level Security  RSS feed

 
Laxmi Narayan
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,
I am getting principal from openLDAP server using JAAS, i am giving security roles and method permissions in my ejb-jar.xml file. can anyone explain me how to pass the principal got from LDAP to EJB container so that the container check the method permission at runtime.
Regards
Laxmi Narayan
 
Mallik Hiremath
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Usually while you connect to the EJB server you have to specify the username and password in the initial context and then establish the connection, then the EJB server will authenticate and authorize the user with the help of your JAAS login module. So its your responsibility to code the JAAS (if one is not provided by the container) and then the EJB container will call your login module to authenticate and authorize the user to lookup or execute a method on an EJB.
Usually the EJB container vendors specify how the EJB container calls the JAAS login modules and how to configure JAAS modules with in the J2EE containers, so you have to go through your vendors documents to get JAAS configuration information.
--Mallk
 
Laxmi Narayan
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Mr.Mallik,
But one thing i would like to ask u, that currently i am passing iam passing the principal got from openldap to the JNDI lookup before calling the EJB method. It is working fine but the problem is, i cannot store the JNDI lookup's in cache since i am sending the principal to JNDI lookup.

I would like to know from u, how we can assign dynamically principal got from openldap to EJB server so that it can check EJB security automatically based on ejb-jar.xml file.
Laxmi Narayan
 
Mallik Hiremath
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can you give some more information on the type of EJB server you are using?
I don't know how you are passing the principal object that you get from the LDAP to the JNDI lookup, can you let us know about your JNDI code?
Below is the code that shows an example of getting the initial context to the EJB server and then this initial context is used to lookup the Beans and to execute the method calls on them
private static Context getInitialContext() throws NamingException
{
Hashtable env = new Hashtable();
env.putContext.INITIAL_CONTEXT_FACTORY, "com.evermind.server.rmi.RMIInitialContextFactory");
env.put(Context.SECURITY_PRINCIPAL, "admin");
env.put(Context.SECURITY_CREDENTIALS, "admin-password");
env.put(Context.PROVIDER_URL, "ormi://localhost/ejb-application");
return new InitialContext(env);
}
 
Laxmi Narayan
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Properties properties = new Properties();
properties.put(Context.INITIAL_CONTEXT_FACTORY,"weblogic.jndi.WLInitialContextFactory");
properties.put(Context.SECURITY_AUTHENTICATION, "simple");
properties.put(Context.SECURITY_PRINCIPAL, LDAPPrincipal.LDAP_PRICIPAL);
ServiceLocator locator = new ServiceLocator(properties);

ProfileMgmtFacadeHome home =
ProfileMgmtFacadeHome)locator.getRemoteHome("ProfileMgmtFacade", ProfileMgmtFacadeHome.class);
ProfileMgmtFacade profileMgmt = home.create();
Above is the sample code that iam using to pass principal from ldap to EJB Server using initial context and then using the locator object for JNDI lookup. I would like to know from you is this right way to pass principal to EJB server. Will it be any problem if i store the home object in cache. I want to pass pricipal while calling some methods not all.if this is the case i have to write two methods to get initial context. I would like to know from u is their any other way to pass the principal to EJB server.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!