Discussions

EJB design: How to protect JNDI lookup?

  1. How to protect JNDI lookup? (3 messages)

    How to force JNDI authentication at the time of lookup. I want JNDI lookup to fail if no pricipal/credentials are supplied while getting intialcontext.

    I am using WAS 5.0.

    thanks

    Threaded Messages (3)

  2. Maybe using a ServiceLocator.

    public EJBHome getHome( UserContext uc ) throws ServiceLocatorException {
        
        Properties props = new Properties( );

        /*...*/

        props.put(Context.SECURITY_PRINCIPAL, uc.getUsername( ) );
        props.put(Context.SECURITY_CREDENTIALS, uc.getUserPassoword( ) );

        IntitialContext ic = new InitialContext( props );

        /*...*/
    }
  3. Thanks for your reply.

    Thats what i am doing. I want to ensure that the principal supplied is a valid user on the system and not an 'intruder'. Lookup should fail for invalide user/principals.
  4. How to protect JNDI lookup?[ Go to top ]

    That's a good idea.