camel-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Willem Jiang <willem.ji...@gmail.com>
Subject Re: Can't get JAAS working for EJB 3.0(on JBoss) while routing.
Date Wed, 14 Sep 2011 08:13:00 GMT
Spring Security is setting the token as a thread local variable, but in 
Camel it doesn't do the trick as the Camel as an async routing engine, 
which means the calling thread could be changed.
I think we can set up a composite registry which can look up the beans 
from jndi and spring application context at the same time.

On Wed Sep 14 15:39:26 2011, vhalitsyn wrote:
> Hi,
>
> I'm trying to setup a route which would send some of my data to the remote
> EJB eg:
>
>    <from uri="file:data/inbox?noop=true"/>
> <policy ref="admin">
>    <to uri="bean:TestReceiverService?method=myMethod"/>
> </policy>
> <log message="sent!!" loggingLevel="INFO"/>
>
> I'm using spring context for configuration, but I can't stop getting the
>
> org.apache.camel.RuntimeCamelException: javax.ejb.EJBAccessException:
> Authentication failure
>
> exception when invoking the beans method. If I use the not-JAAS protected
> bean everything works like a charm. One would suggest using the ejb
> component instead of bean, but I would argue as if I configure my Registry
> to resolve names from the JBoss JNDI I can't get normal spring beans located
> in my routes. So, as I understand, I'm forced to using spring beans and wire
> them to EJB's. I've done that in the next way:
>
> <jee:remote-slsb environment-ref="jndiProps" id="TestReceiverService"
>                       jndi-name="ear-name/TestReceiverService/remote"
>
> business-interface="services.TestReceiverServiceRemote"/>
>
> I have the spring security configured using
>
>      <spring-security:authentication-manager alias="authenticationManager">
>      	<spring-security:authentication-provider
> user-service-ref="userDetailsService"/>
>      </spring-security:authentication-manager>
>
>      <spring-security:user-service id="userDetailsService">
>          <spring-security:user name="myUser" password="myPass"
> authorities="ROLE_JBOSS_CLIENT_LOGIN"/>
>      </spring-security:user-service>
>
>      <authorizationPolicy id="admin" access="ROLE_JBOSS_CLIENT_LOGIN"
>                           authenticationManager="authenticationManager"
>                           accessDecisionManager="accessDecisionManager"
>
> xmlns="http://camel.apache.org/schema/spring-security"/>
>
> and JAAS configured using
>
>     <bean id="jaasAuthenticationProvider"
>
> class="org.springframework.security.authentication.jaas.JaasAuthenticationProvider"
>>
>          <property name="loginConfig" value="jaas.conf"/>
>          <property name="loginContextName" value="clientAuth"/>
>          <property name="callbackHandlers">
>              <list>
>                  <bean
>
> class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler"/>
>                  <bean
>
> class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler"/>
>              </list>
>          </property>
>      </bean>
>
> But this does not work for authentication, even if I set the Authenticated
> user both with the Exchange and Spring like:
>
> Collection<GrantedAuthority>  authorities = new
> LinkedList<GrantedAuthority>();
>          authorities.add(new
> GrantedAuthorityImpl("ROLE_JBOSS_CLIENT_LOGIN"));
>          UsernamePasswordAuthenticationToken authToken = new
> UsernamePasswordAuthenticationToken("myUser", "myPass", authorities
>          );
>
>          // wrap it in a Subject
>          Subject subject = new Subject();
>          subject.getPrincipals().add(authToken);
>
>          // place the Subject in the In message
>          exchange.getIn().setHeader(Exchange.AUTHENTICATION, subject);
>          SecurityContextHolder.getContext().setAuthentication(authToken);
>
> The only thing that(obviously) helps is manually doing the
>
> LoginContext ctx = new LoginContext("clientAuth", new
> UsernamePasswordHandler("myUser","myPass"));
> ctx.login();
>
> in the rote.
>
> *So my question is whether there is a way to tell camel to authenticate a
> given user automatically when the request to the JAAS protected resource is
> issued, without adding the manual ClientLogin code. Or am I looking in the
> wrong direction?*
> The workaround I have now(adding a processor which would do the ctx.login())
> works but I'm really concerned about correctness of this approach.
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/Can-t-get-JAAS-working-for-EJB-3-0-on-JBoss-while-routing-tp4801889p4801889.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>



-- 
Willem
----------------------------------
FuseSource
Web: http://www.fusesource.com
Blog:    http://willemjiang.blogspot.com (English)
         http://jnn.javaeye.com (Chinese)
Twitter: willemjiang 
Weibo: willemjiang 


Mime
View raw message