I have written a simple session bean which echoes a
string. I access this bean via the web (jsp).
I can secure this bean using when i access it from a
servlet.
When I access it from a JSP the session context is not
set. I tried this with the JBOSS catalina bundle:
JBoss-2.4.4_Tomcat-4.0.1

Am I doing something wrong or is this a bug?

Regards,

Erik

JSP file
--------



echo


<jsp:useBean id="bean1" scope="session"
class="echo.EchoBean" />
<jsp:setProperty name="bean1" property="echo" value
= "Hello Erik" />

<h1>
JBuilder Generated JSP
</h1>

<%= bean1.getEcho() %>


Bean
----
package echo;

import java.rmi.*;
import javax.ejb.*;

/**
* Title:
* Description:
* Copyright: Copyright (c) 2002
* Company:
* @author unascribed
* @version 1.0
*/

public class EchoBean implements SessionBean {
private SessionContext sessionContext;
String echo;

public void ejbCreate() {
}
public void ejbRemove() {
}
public void ejbActivate() {
}
public void ejbPassivate() {
}
public void setSessionContext(SessionContext
sessionContext) {
System.out.println("Setting Session context");
this.sessionContext = sessionContext;
}
public void setEcho(String echo) {
this.echo = echo;

System.out.println("setEcho(String echo);");
}

public String getEcho() {
System.out.println("getEcho();");
return echo + " " +
sessionContext.getCallerPrincipal().getName();
}

}

web.xml
-------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems,
Inc.//DTD Web Application
2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>

<servlet-name>echoit</servlet-name>
<jsp-file>/echo.jsp</jsp-file>

<servlet-mapping>
<servlet-name>echoit</servlet-name>
<url-pattern>/restricted/echoit</url-pattern>
</servlet-mapping>
<security-constraint>
<display-name>Customer</display-name>
<web-resource-collection>
<web-resource-name>Collection1</web-resource-
name>
<url-pattern>/restricted/*</url-pattern>
<url-pattern>/echo.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Customer</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/logon.jsp</form-login-page>
<form-error-page>/logon_failed.jsp</form-error-
page>
</form-login-config>
</login-config>
<security-role>
<role-name>Customer</role-name>
</security-role>
<ejb-ref>
<ejb-ref-name>EJB/Echo</ejb-ref-name>
<ejb-ref-type>Session</ejb-ref-type>
echo.EchoHome
echo.Echo
</ejb-ref>
</web-app>

ejb-jar.xml
-----------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems,
Inc.//DTD Enterprise JavaBeans
1.1//EN" "http://java.sun.com/j2ee/dtds/ejb-
jar_1_1.dtd">
<ejb-jar>
<enterprise-beans>

<ejb-name>Echo</ejb-name>
echo.EchoHome
echo.Echo
<ejb-class>echo.EchoBean</ejb-class>
<session-type>Stateful</session-type>
<transaction-type>Container</transaction-
type>

</enterprise-beans>
<assembly-descriptor>
<security-role>
<role-name>Customer</role-name>
</security-role>
<method-permission>
<role-name>Customer</role-name>


<ejb-name>Echo</ejb-name>
<method-name>*</method-name>

</method-permission>
</assembly-descriptor>
</ejb-jar>

jboss.xml
---------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss PUBLIC '-//JBoss//DTD JBOSS
2.4//EN' 'http://www.jboss.org/j2ee/dtd/jboss_2_4.dtd'>

<security-domain>java:/jaas/default</security-
domain>

<enterprise-beans>

<ejb-name>Echo</ejb-name>
<jndi-name>Echo</jndi-name>

</enterprise-beans>


jboss-web.xml
-------------
<?xml version="1.0" encoding="UTF-8"?>

<jboss-web>
<security-domain>java:/jaas/default</security-
domain>

<ejb-ref>
<ejb-ref-name>EJB/Echo</ejb-ref-name>
<jndi-name>Echo</jndi-name>
</ejb-ref>
</jboss-web>