Hi all!
I'm trying to write tests for EJB 3.0. These EJBs are secured by JAAS and security works fine. But I really need to test the correct configuration in deployment descriptors, annotations, realms, login modules and so on.
To do that I've written a simple web app that does this:
    try
    {
        LoginContext ctx = new LoginContext("ldapRealm", new SimpleCallBack(username, password));
        ctx.login();
        InitialContext content = new InitialContext();
        SecureBean mngmt = (SecureBean) content.lookup("com.SecureBean");
        mngmt.callSecureBusinessMethod();
        ctx.logout();
    }
    catch (Exception e)
    {
        try {
            writer.println("Error: " + e.getMessage());
        } catch (IOException e1) {
            e1.printStackTrace();
        }
    }
where "ldapRealm" is the login module (contained in domain1/config/login.conf)
and username & password are obtained from the request.
So, it does not work. The login method throws an exception: No credentials.
I've read the GlassFish sources and found this:
    PasswordCredential pwdCred = null;
    try {
        Iterator i = _subject.getPrivateCredentials().iterator();
        while (i.hasNext() && pwdCred==null) {
            Object privCred = i.next();
            if (privCred instanceof PasswordCredential) {
                pwdCred = (PasswordCredential)privCred;
            }
        }
    } catch (Exception e) {
        _logger.log(Level.WARNING, "passwordlm.nocreds", e.toString());
    }
    if (pwdCred==null) {
        _logger.log(Level.SEVERE, "passwordlm.nopwdcred");
        String msg = sm.getString("pwdlm.nocreds");
        throw new LoginException(msg);
    }
Why must I use security-specific features in my client? And how can I provide a PasswordCredential? And the last question: why is my callback handler ignored?
I thought that my callback handler must be used to create this credential...
[Message sent by forum member 'dernasherbrezon' (dernasherbrezon)]
http://forums.java.net/jive/thread.jspa?messageID=260401