CODEWITHSUNDEEP
javajakarta-eewebsphereejb
Hillgod
Hillgod

Reputation:

How do you preform an EJB lookup with application security?

I'm trying to lookup an EJB from a standalone java application. I'm thinking in terms of WebSphere Application Server 6.1, but if someone knows how to do this for another application server, it may get me in the right direction.

What I'm currently doing:

        initialContext= new InitialContext(env);
    initialContext.lookup("");

    lc = new LoginContext("WSLogin", new WSCallbackHandlerImpl("wasadmin", "defaultWIMFileBasedRealm", "wasadmin"));
    lc.login();
    subject = lc.getSubject();
    WSSubject.setRunAsSubject(subject);

This isn't working... my subject is still "/UNAUTHENTICATED", and I get an error when I try to lookup the EJB. I'm also specifying the following parameters to the VM when executing the application:

-Dcom.ibm.CORBA.ConfigURL="C:\was\profiles\AppSrv01\properties\sas.client.props" -Djava.security.auth.login.config="C:\was\profiles\AppSrv01\properties\wsjaas_client.conf"

Upvotes: 3

Views: 1093

Answers (1)

Alex Punnen
Alex Punnen

Reputation: 6244

For WebSphere 6, was trying to acceess an secured EJB from a servlet (Jersey-RESTful WAR) also deployed in the same WebSphere; Here is the code that works

     Properties prop = new Properties();

    prop.put("org.omg.CORBA.ORBClass", "com.ibm.CORBA.iiop.ORB");   
    prop.put("java.naming.factory.initial", "com.ibm.websphere.naming.WsnInitialContextFactory");
    prop.put("java.naming.provider.url", "corbaloc:iiop:localhost:9810");
    prop.put("com.ibm.CORBA.securityEnabled", "true");
    prop.put("com.ibm.CORBA.validateBasicAuth", "true");


    Context ctx;
    try {
        ctx = new InitialContext(prop);

        System.out.println("Resolved Inital Context");
        Object ejbHome = ctx.lookup("");
        System.out.println("Resolved Home OperationManagerEJB");
        logger.info("So far so good, tryining to Login ");
        LoginContext lc;
        lc = new LoginContext("WSLogin",new WSCallbackHandlerImpl("username","password"));
        lc.login();

        logger.info("Login Suceeded with omc_user");
        WSSubject.setRunAsSubject(lc.getSubject()); //This is one key call 
        logger.info("Setting the authorization sibject");

References

http://pic.dhe.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=%2Fcom.ibm.websphere.express.doc%2Finfo%2Fexp%2Fae%2Frtrb_secprobs.html

http://pic.dhe.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=%2Fcom.ibm.websphere.express.doc%2Finfo%2Fexp%2Fae%2Fxsec_jaas.html

http://pic.dhe.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=%2Fcom.ibm.websphere.express.doc%2Finfo%2Fexp%2Fae%2Fxsec_jaas.html

Upvotes: 1

Related Questions