Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 6. Login Modules for EJBs and Remoting

6.1. Remoting Login Module

Short name: Remoting

Full name: org.jboss.as.security.remoting.RemotingLoginModule

Parent: AbstractServer Login Module

The Remoting login module allows remote EJB invocations, coming in over remoting, to perform a SASL-based authentication. This allows the remote user to establish their identity via SASL and have that identity be used for authentication and authorization when making that EJB invocation.

Table 6.1. Remoting Login Module Options
OptionTypeDefaultDescription

useClientCert

boolean

false

If true, the login module will obtain the SSLSession of the connection and substitute the peer’s X509Certificate in place of the password.

6.2. Client Login Module

Short name: Client

Full name: org.jboss.security.ClientLoginModule

Client login module is an implementation of login module for use by JBoss EAP clients when establishing caller identity and credentials. This creates a new SecurityContext, assigns it a principal and a credential and sets the SecurityContext to the ThreadLocal security context. Client login module is the only supported mechanism for a client to establish the current thread’s caller. Both standalone client applications, and server environments, acting as JBoss EAP EJB clients where the security environment has not been configured to use the JBoss EAP security subsystem transparently, must use Client login module.

Note

It is also possible to configure interceptors within an EJB and the remote client to change the identity of the caller. The ejb-security-interceptors quickstart that ships with JBoss EAP provides a complete working example.

Warning

This login module does not perform any authentication. It merely copies the login information provided to it into the server EJB invocation layer for subsequent authentication on the server. Within JBoss EAP, this is only supported for the purpose of switching a user’s identity for in-JVM calls. This is NOT supported for remote clients to establish an identity.

Table 6.2. Client Login Module Options
OptionTypeDefaultDescription

multi-threaded

true or false

true

Set to true if each thread has its own principal and credential storage. Set to false to indicate that all threads in the VM share the same identity and credential.

password-stacking

useFirstPass or false

false

Set to useFirstPass to indicate that this login module should look for information stored in the LoginContext to use as the identity. This option can be used when stacking other login modules with this one.

restore-login-identity

true or false

false

Set to true if the identity and credential seen at the start of the login() method should be restored after the logout() method is invoked.

Red Hat logoGithubRedditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

© 2024 Red Hat, Inc.