JBoss Security Context propagation

Andrey Rybak

Joined: Jun 05, 2004
Posts: 5

Frederico Melo wrote:

JAAS' security propagation between containers is not well specified actually. This usually is done using a ThreadLocal class which propagates the authenticated principal to the EJB's stub in a container-specific manner.
JBoss client LoginModules use the class to make this association. So, in your web LoginModule you have to set your authenticated principal to this class, like the example:

SecurityAssociation.setServer(); //use ThreadLocal

In your login() method you should use:


I've implemented this method in my own LoginModule:

public class MyLoginModule extends DatabaseServerLoginModule {

    public MyLoginModule() {
    }

    public boolean login() throws LoginException {
        boolean login = super.login();

        if (login) {
            // ...
        }

        return login;
    }
}

I've also chained this login module with ClientLoginModule in my

Still I get no SecurityContext in my EJB:

(an exception message)
isCallerInRole() called with no security context. Check that a security-domain has been set for the application.

What's wrong?
What do I need to do to set up a security domain?
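
The exception text points at the deployment descriptors rather than at the login module code. As an added example (not part of the original post), this is how a security domain is typically declared and bound to both the web application and the EJB jar with JBoss AS 4.x-style descriptors. The domain name `my-domain`, the package `com.example`, the datasource `java:/DefaultDS` and the table and column names are assumptions.

```xml
<!-- conf/login-config.xml: defines the domain.
     "my-domain" is a constructed name; MyLoginModule is the class from the
     post, its package (com.example) is assumed. -->
<application-policy name="my-domain">
  <authentication>
    <!-- Authenticates against the database (options inherited from
         DatabaseServerLoginModule; queries and datasource are assumed) -->
    <login-module code="com.example.MyLoginModule" flag="required">
      <module-option name="dsJndiName">java:/DefaultDS</module-option>
      <module-option name="principalsQuery">SELECT password FROM users WHERE username=?</module-option>
      <module-option name="rolesQuery">SELECT role, 'Roles' FROM user_roles WHERE username=?</module-option>
    </login-module>
    <!-- Performs no authentication; it only copies the identity into the
         calling thread. restore-login-identity puts the previous identity
         back on logout/abort so it does not linger on a pooled thread. -->
    <login-module code="org.jboss.security.ClientLoginModule" flag="required">
      <module-option name="restore-login-identity">true</module-option>
    </login-module>
  </authentication>
</application-policy>

<!-- WEB-INF/jboss-web.xml in the WAR: binds the web tier to the domain -->
<jboss-web>
  <security-domain>java:/jaas/my-domain</security-domain>
</jboss-web>

<!-- META-INF/jboss.xml in the EJB jar: without this element the EJB
     container has no security domain, which is the condition the
     isCallerInRole() message describes -->
<jboss>
  <security-domain>java:/jaas/my-domain</security-domain>
</jboss>
```

The `java:/jaas/` prefix followed by the `application-policy` name must match in both descriptors; a mismatch leaves the EJB tier without a matching policy even when the web login succeeds.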