
Propagate security context with Jboss 5

Jose Maria Romero
Greenhorn

Joined: Sep 07, 2010
Posts: 2
Hello.

I have a client/server application with JBoss and many 2.1 stateless session beans.

I have written JAAS authentication with my own LoginModule class, and I propagate the security context by sending the authenticated principal to the EJB stub:



public class MyLoginModule extends ClientLoginModule {
    ...
    public boolean login() throws LoginException {
        ...
        String user = ...
        String password = ...
        MyPrincipal myprincipal = new MyPrincipal(user, password);
        SecurityAssociation.setPrincipal((java.security.Principal) myprincipal);
        SecurityAssociation.setCredential(password);
        SecurityAssociation.setSubject(subject);
        ...





This is the object myprincipal:

public class MyPrincipal extends SimplePrincipal implements Serializable {
    ...
    public MyPrincipal(String user, String password) {
        super(user);
        this.password = password;
    }
    ...


This way I can obtain the authenticated principal on the server side:

MyPrincipal myPrincipal = (MyPrincipal) this.sessionContext.getCallerPrincipal();



Everything is OK with JBoss versions 4.X.X; the last version I used was 4.2.3. The application runs as a standalone application with a launcher (.bat or .sh) or with Web Start.

I tried to update to JBoss 5.1.0 and the standalone application works well, but when I run it with Web Start and obtain the authenticated principal in my EJB, I get "anonymous".

I tried EJB 3, JBoss 6 and the problem persists.

In forums I have seen a line of code that I don't have in my LoginModule class:

SecurityAssociation.setServer();



With this line of code I get the principal object only for the first EJB object I create; the following EJBs I create get "anonymous". This occurs with the .bat launcher and with Web Start.



Am I doing something wrong? How can I propagate the security context with Web Start and JBoss 5.0.1?

Thanks, and sorry if my English is poor.
 