File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes Credentials not passed into EJB Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Credentials not passed into EJB" Watch "Credentials not passed into EJB" New topic

Credentials not passed into EJB

John KurtzMan

Joined: Apr 20, 2012
Posts: 1

We would like to pass in some credentials (either public or private) into an EJB to pass in meta data about the user (certificate, etc). Using a custom login module, on the client side the code is

Subject subject = loginContext.getSubject();
CustomCred credential = new CustomCred();

Within the EJB, I am trying to pull out the credential thus:

Subject caller = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
Set<?> privateSet = caller.getPrivateCredentials();
Set<?> publicSet = caller.getPrivateCredentials();


The credentials do not show up, but the subject does, as I can get the principal out. I have tried this on glassfish 3.1 and JBoss 5.1, with the same results. Glassfish does put in some authentication information within the private credential, but JBoss does not. Neither seems to support passing in meta data via credentials.

My questions are:
1. Am I doing this correctly?
2. Are Credentials supported in Glassfish or JBoss?
3. If not supported, are there other ways of passing in user meta data?

Thank you in advance

I agree. Here's the link:
subject: Credentials not passed into EJB
It's not a secret anymore!