jaas

I'm trying to understand how the JAAS principal propagates to the Business/EJB tier from web tier. I've read that the if the roles/realm is configured in login-config & security-context of web.xml then the servlet container will also transparently pass the authenticated principal to the EJB Tier. Two questions 1.) First & more importantly is that true ? Without any intervention from the developer ! 2.) And secondly any idea how that works under the hood. yes it's true. that's generally the point of ejb, to take the "hard" stuff out of the hands of the developer (e.g. security, transactions,

jboss-web.xml <?xml version="1.0" encoding="UTF-8"?> <jboss-web> <security-domain flushOnSessionInvalidation="true">my-aktion </security-domain> <valve> <class-name>utils.MyAuthenticator</class-name> </valve> </jboss-web> standalone.xml <security-domain name="my-aktion" cache-type="default"> <authentication> <login-module code="utils.MyAuthenticator" flag="required"> <module-option name="dsJndiName" value="java:jboss/datasources/MySQLDS"/> <module-option name="principalsQuery" value="SELECT password FROM user WHERE username=?"/> <module-option name="rolesQuery" value="SELECT r.role, 'Roles'

I'm using mockito to test a legacy JAAS/LDAP login module. The javax.security.auth.callback.CallbackHandler interface defines the function: void handle(javax.security.auth.callback.Callback[] callbacks) I'm expecting callbacks to contain a NameCallback , which is the object that needs to be manipulated to pass the test. Is there a way to mock this effectively, or would I be better off with a stubbed implementation of CallbackHandler ? For functions returning void , use doAnswer() doAnswer(...).when(mockedObject).handle(any(Callback[].class)); And an Answer that performs the interception must

I'm trying to find a simple, flexible way to add JaaS authentication to REST. I found a post that I think leads me in the right direction (See StevenC's answer). It sounds like the servlet container is responsible for security, not the Jersey code itself. I like this idea, but need a little guidance on implementation. Grizzly is my servlet container and I want to configure it to use JaaS for authentication. For now, a simple username/password combination would be fine, and hard-coding the username/password pairs directly in code is fine. As long as it uses JaaS, we can refine those details

Kafka can be configured to use several authentication mechanisms: plaintext username/password, Kerberos or SSL. The first 2 use SASL, where there is a JAAS config file required. For the plain text auth method, the config looks like (taken from the documentation ): KafkaServer { org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret" user_admin="admin-secret" user_alice="alice-secret"; }; I want to authenticate if possible using LDAP. My question is this: if I replace the PlainLoginModule with a class that implements LoginModule and place this