当前位置: 动力学知识库 > 问答 > 编程问答 >

authentication - Can a custom LoginModule be a stateful ejb?

问题描述:

I am using jboss-as-7.1.0.Final-SNAPSHOT and trying to set up custom login module that uses a database. I followed the instructions in the AS7 documentation to configure a new security domain in standalone.xml, security-domain in jboss-security.xml and security-constraint in web.xml and I set JBoss' logging to TRACE so I can see that my custom login module methods are being successfully invoked (e.g. login(), authenticate()).

I don't want to use manual transaction demarcation in my login module, so it would be great if my login module could be e a stateful ejb.

Taking a look at the JBoss AS7 : Security Domain Model article, which says:

Just write the FQCN in the code attribute and it should work out of the box.

To place the custom login module class files, you can place them in a jar and put it either:

application classpath of your web archive (war) or ejb jar or enterprise archive (ear) OR

separate module under the modules directory.

It looks like the sky's the limit on where I can place my login module, including within the EJB module of my application. Does this mean that my custom login module can be a stateful ejb? I haven't read anything that says, "No." However when I deploy my login module as stateful ejb injected managed beans and injected EntityManager do not appear to be injected; I get NullPointerException when I try to invoke methods on them.

I took a look at org.jboss.security.auth.spi.DatabaseServerLoginModule, which is provided as one of JBoss' default login modules. I wanted to see how database access is handled there. DataSource lookup is via InitialContext e.g.

InitialContext ctx = new InitialContext();

DataSource ds = (DataSource) ctx.lookup(dsJndiName);

conn = ds.getConnection();

and transactions are all handled manually. I don't want to use this approach if possible.

Can I use stateful ejb? Or am I way off base in my approach to this?

网友答案:

The question was answered on JBoss Community as follows:

  • Custom login module cannot be a stateful ejb because "the respective lifecycles of a stateful EJB and a login module are quite different," and "login modules are created and used for the duration of a single authentication step and then left to be garbage collected."

  • Custom login module can't use CDI, so one cannot inject a managed bean. One person said that it would be pretty cool if JAAS provided a means to inject a managed bean, and that someone needs to propose an update the JAAS spec. to allow this.

分享给朋友:
您可能感兴趣的文章:
随机阅读: