Spring Security 3 credentials from context to access remote EJB

[nickost]

Hi, I configured Spring Security to do authentication from database.
I tested it with a jsf page which do the login and it works.
After that i want configure an access to remote EJB deployed in Jboss container under secured domain with the same credentials.
All is working if i put manually the credentials in the xml file.

Code:

java.naming.security.principal = alberto
java.naming.security.credentials = alberto

What i want to do is automatically injected the credentials retrieved by spring context after login phase.

How can i do this?


This is my xml configuration:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:jee="http://www.springframework.org/schema/jee"
	xmlns:context="http://www.springframework.org/schema/context"
	xsi:schemaLocation="
		http://www.springframework.org/schema/beans 
		http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
		http://www.springframework.org/schema/jee 
		http://www.springframework.org/schema/jee/spring-jee-3.0.xsd
		http://www.springframework.org/schema/context 
       	http://www.springframework.org/schema/context/spring-context-3.0.xsd">

	<jee:remote-slsb id="userManagement" jndi-name="UserManagementImpl/remote"
		business-interface="***.UserManagement" resource-ref="true"
		lookup-home-on-startup="false" home-interface="***.UserManagement"
		refresh-home-on-connect-failure="true">
		<jee:environment>
			java.naming.factory.initial = org.jnp.interfaces.NamingContextFactory
			java.naming.provider.url = 192.168.179.77:1399
			java.naming.factory.url.pkgs = org.jnp.interfaces
			jnp.multi-threaded = true
		</jee:environment>
	</jee:remote-slsb>

	<bean id="csp" class="***.ASPManagementImpl" scope="session">
		<property name="user" ref="userManagement" />
	</bean>


</beans>

[nickost]

I found the solution itself.
This is the code to inject Remote EJB with credentials inserted at runtime after the login phase.

Code:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:jee="http://www.springframework.org/schema/jee" xmlns:aop="http://www.springframework.org/schema/aop"
	xmlns:context="http://www.springframework.org/schema/context"
	xsi:schemaLocation="http://www.springframework.org/schema/beans	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.0.xsd	http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">

	<bean id="jndiProperties" class="org.springframework.beans.factory.config.PropertiesFactoryBean" scope="session">
		<aop:scoped-proxy/>
		<property name="properties">
			<props>
				<!-- <prop key="java.naming.factory.initial">org.jnp.interfaces.NamingContextFactory</prop> -->
				<prop key="java.naming.factory.initial">org.jboss.security.jndi.JndiLoginInitialContextFactory</prop>
				<prop key="java.naming.provider.url">192.168.179.76:1399</prop>
				<prop key="java.naming.factory.url.pkgs">org.jnp.interfaces</prop>
				<prop key="jnp.multi-threaded">true</prop>
			</props>
		</property>
	</bean>

	<jee:remote-slsb id="userManagement" jndi-name="UserManagementImpl/remote" business-interface="com.company.asp.webapi.ifaces.UserManagement"
		resource-ref="true" lookup-home-on-startup="false" home-interface="com.company.asp.webapi.ifaces.UserManagement"
		refresh-home-on-connect-failure="true" environment-ref="jndiProperties">
	</jee:remote-slsb>

	<jee:remote-slsb id="serviceManagement" jndi-name="ServiceManagementImpl/remote" business-interface="com.company.asp.webapi.ifaces.ServiceManagement"
		resource-ref="true" lookup-home-on-startup="false" home-interface="com.company.asp.webapi.ifaces.ServiceManagement"
		refresh-home-on-connect-failure="true" environment-ref="jndiProperties">
	</jee:remote-slsb>

	<jee:remote-slsb id="customerManagement" jndi-name="CustomerManagementImpl/remote"
		business-interface="com.company.asp.webapi.ifaces.CustomerManagement" resource-ref="true" lookup-home-on-startup="false"
		home-interface="com.company.asp.webapi.ifaces.CustomerManagement" refresh-home-on-connect-failure="true"
		environment-ref="jndiProperties">
	</jee:remote-slsb>	

</beans>

Code:

package com.company.asp.security;

import java.io.IOException;
import java.util.Properties;

import javax.naming.Context;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.stereotype.Service;

public class AuthenticationSuccessHandler implements AuthenticationSuccessHandler {
	
	private Properties jndiProperties;

	public Properties getJndiProperties() {
		return jndiProperties;
	}

	public void setJndiProperties(Properties jndiProperties) {
		this.jndiProperties = jndiProperties;
	}

	public void onAuthenticationSuccess(HttpServletRequest req, HttpServletResponse res,
			Authentication auth) throws IOException, ServletException {

		SimpleUrlAuthenticationSuccessHandler sas = new SimpleUrlAuthenticationSuccessHandler();
		sas.onAuthenticationSuccess(req, res, auth);
		
//		HttpSession session = req.getSession();
//		setJndiProperties((Properties)session.getAttribute("jndiProperties"));

		User user = (User) auth.getPrincipal();
		jndiProperties.setProperty(Context.SECURITY_PRINCIPAL, user.getUsername());
		jndiProperties.setProperty(Context.SECURITY_CREDENTIALS, (String)auth.getCredentials());
	}

}