File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JBoss/WildFly and the fly likes Propagate security context with Jboss 5 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of REST with Spring (video course) this week in the Spring forum!
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "Propagate security context with Jboss 5" Watch "Propagate security context with Jboss 5" New topic

Propagate security context with Jboss 5

Jose Maria Romero

Joined: Sep 07, 2010
Posts: 2

I have a client/server application with Jboss and many stateless session bean 2.1.

I have wroten JAAS authentication with my own LoginModule class, y propagate the security context sending the authenticated principal to the

EJB stub:

public class MyLoginModule extends ClientLoginModule {


public boolean login() throws LoginException {


String user = ...

String password = ...

MyPrincipal myprincipal = new MyPrincipal (user, password);

SecurityAssociation.setPrincipal(( myprincipal);




This is the object myprincipal:

public class MyPrincipal extends SimplePrincipal implements Serializable {


public MyPrincipal (String user, String password)



this.password = password;



By this way i can obtain the authenticated principal in the server side:

MyPrincipal myPrincipal= (MyPrincipal)this.sessionContext.getCallerPrincipal();

Everything is OK with Jboss versions 4.X.X, the last version i used was 4.2.3. The application executes with a standalone application with a

launcher (.bat or .sh) or with web start.

I try to update with Jboss 5.1.0 and the standalone application functions well, but when i execute wiht web start and i obtain the

authenticated principal in my ejb, i get "anonymous".

I try EJB 3, Jboss 6 and the problem persists.

In forums i see a line of code that i don't have in my LoginModule class:


With this line of code i get the principal object only for the first ejb object i create, the following ejb's i create get "anonymous". This

occurs with .bat launcher and with web start.

¿Am i doing something wrong? ¿How can i propagate the security context with web start and Jboss 5.0.1?

Thanks and Sorry if my english is poor.
I agree. Here's the link:
subject: Propagate security context with Jboss 5
It's not a secret anymore!