We are using a standalone client to connect to Glassfish 3.1 (release version
under Linux).
If we try and connect from our standalone client using certificate
authentication it all works fine.
When we try and add an AppservCertificateLoginModule to perform authorisation
based on the certificate then it fails with an *iiop.login_exception*. Turning
on finer logging we get a
javax.security.auth.common.login.LoginException:No Certificate Credential
Found from LoginContextDriver.java:728
The same AppservCertificateLoginModule works when we connect via a JSP page;
it is only an iiop connect that fails.
When it fails, it enters our constructor OK but never calls our
authenticateUser.
This appears to be a bug with iiop which seems to be the poor cousin these
days in Glassfish. We are trying to move from Glassfish 2 but this is a
blocker for us.
Our login module is currently simple, e.g.

    import javax.security.auth.login.LoginException;
    import com.sun.appserv.security.AppservCertificateLoginModule;

    public class TestCertificateLoginModule extends AppservCertificateLoginModule {
        public TestCertificateLoginModule() {
            super();
            _logger.info("Constructor");
        }

        @Override
        protected void authenticateUser() throws LoginException {
            _logger.info("authenticate");
            // Place every certificate-authenticated caller in the ADMIN group
            String[] groupArray = {"ADMIN"};
            commitUserAuthentication(groupArray);
        }
    }

We set this up by adding this to our login.conf

    certRealm:{
        test.TestCertificateLoginModule requlogLevel="FINE";
    }

We made glassfish use this by running

    asadmin set configs.config.server-config.security-service.auth-realm.certificate.property.jass-context=certRealm

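We are using a simple Stateless session, e.g.

    import javax.annotation.security.DeclareRoles;
    import javax.annotation.security.RolesAllowed;
    import javax.ejb.Stateless;

    @Stateless
    @DeclareRoles("ADMIN")
    @RolesAllowed("ADMIN")
    public class TestStateless implements TestStatelessRemote {
        @Override
        public String hello() {
            return "hello";
        }
    }
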
Our sun-ejb-jar.xml contains

    <enterprise-beans>
      <security-role-mapping>
        <role-name>ADMIN</role-name>
        <group-name>ADMIN</group-name>
      </security-role-mapping>
      <ejb>
        <ejb-name>TestStateless</ejb-name>
        <jndi-name>TestStateless</jndi-name>
        <ior-security-config>
          <transport-config>
            <integrity>required</integrity>
            <confidentiality>required</confidentiality>
            <establish-trust-in-target>supported</establish-trust-in-target>
            <establish-trust-in-client>required</establish-trust-in-client>
          </transport-config>
          <sas-context>
            <caller-propagation>supported</caller-propagation>
          </sas-context>
        </ior-security-config>
      </ejb>
    </enterprise-beans>

Our client code contains

    InitialContext ic = new InitialContext();
    TestSessionRemote t = (TestSessionRemote) ic.lookup("TestSession");
    t.hello();

--
[Message sent by forum member 'james100']
View Post: http://forums.java.net/node/785161