Hi,
I am trying to access a stateful secured ejb from a stateless secured ejb within the same jboss3.0.4. The second stateful EJB has custom "client-interceptor" in its custom container configuration
1) EJB code [edited]
doLookup1()
{
String user = "user1";
PasswordCallbackHandler aCallbackHandler;
aCallbackHandler = new
PasswordCallbackHandler(user, user);
lc = new LoginContext("client-login",
aCallbackHandler);
lc.login();
Subject subject = lc.getSubject();
// Add a principal to the subject
Set principalSet = subject.getPrincipals();
Principal principal = new CustomPrincipal("user2");
principalSet.add(principal);
initialContext = new InitialContext();
// lookup the other secured ejb
doLookup2(initialContext);
}
doLookup2(InitialContext initialContext)
{
myHome = (MYHome) initialContext.lookup("MYHome");
myRemote = myHome.create();
}
2) <client-interceptor> in and [edited]
public Object invoke(Invocation invocation) throws Throwable
{
// Get the principal user2
Subject subject = SecurityAssociation.getSubject();
if (subject != null)
{
Set principals = subject.getPrincipals(CustomPrincipal.class);
System.out.println(principals.size());
// size == 1 if doLookup2()'s code is put
// inside the original function instead of calling
// the function, otherwise size == 0. WHY ??
}
I cannot understand why I am not able to see the principal I set in the subject inside this custom interceptor, whereas IF I PUT THE LOOKUP OF HOME/REMOTE INSIDE DOLOOKUP1() INSTEAD OF CALLING THE FUNCTION DOLOOKUP2() IT WORKS, I am able to !!!
Can someone please help me? I am completely confused.
Thanks,
-Mohsin