I use JBoss WildFly, Jax-Rs 2.0 and EJB 3.0.
I am trying to implement authentication by calling login method in my service.
@POST
@PermitAll
public Response login(AuthLoginElement al) {
try {
httpRequest.login(al.getUsername(), al.getPassword());
return Response.status(Response.Status.OK).build();
} catch (ServletException e) {
return Response.status(Response.Status.UNAUTHORIZED)
.entity(e.getMessage())
.build();
}
}
Also my EJB is annotated properly to WildFLy documentation.
@Stateless
@RolesAllowed({ "guest", "admin" })
@SecurityDomain("test-policy")
public class SecuredEJB {
public String getSecurityInfo() {
// Session context injected using the resource annotation
Principal principal = ctx.getCallerPrincipal();
return principal.getName();
}
In my standalone.xml I have defined security domain:
<security-domain name="test-policy" cache-type="default">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/SecurityDS"/>
<module-option name="principalsQuery" value="select password from PRINCIPLES where principal_id=?"/>
<module-option name="rolesQuery" value="select user_role, 'Roles' from ROLES where principal_id=?"/>
<module-option name="unauthenticatedIdentity" value="guest"/>
</login-module>
</authentication>
</security-domain>
However after calling httpRequest.login(), 200 is returned but nothing happens, security logs are clears and user is not authenticated. Could you help me or suggest another way of authentication to EJB?
Aucun commentaire:
Enregistrer un commentaire