2 Replies Latest reply on Sep 16, 2005 2:09 PM by michael_c_small

    J2EE Client Authenticated but Subject has no Principals

    alanboshier

      I'm hoping this is a really easy one to answer.

      I have a JBOSS J2EE application client that is using JAAS to log in and access EJB resources.

      I have a very simple setup for the client - it uses the ClientLoginModule only and a standard UsernamePasswordCallbackHandler. Authentication to the server is clearly working because my credentials are getting mapped to the correct roles inside the server EJBs.

      However, in the client app the Subject returned from the LoginContext.login() calls has no Principals, i.e.

      subject.getPrincipals().size()

      returns 0.

      Is there something obvious I've missed in order to allow the client to get at the list of principals?

        • 1. Re: J2EE Client Authenticated but Subject has no Principals
          starksm64

          The content of the Subject depends on the login modules. The ClientLoginModule only started doing this as of jboss-3.2.4. Prior to that it only passed the security context to the internal thread local store.
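
The point in the reply above, that what ends up in the Subject is decided by the login modules, shown with the standard JAAS API. This is an added example, not code from the thread or from JBoss; `SilentModule` and `PopulatingModule` are hypothetical modules written for illustration and do not reproduce the ClientLoginModule. It assumes Java 9 or later.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.spi.LoginModule;

public class SubjectContentDemo {
    // Hypothetical module: login succeeds, but nothing is ever added to the Subject.
    public static class SilentModule implements LoginModule {
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {}
        public boolean login() { return true; }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    // Hypothetical module: same login outcome, but commit() populates the Subject.
    public static class PopulatingModule extends SilentModule {
        private Subject subject;
        @Override public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s;
        }
        @Override public boolean commit() {
            Principal p = () -> "constructed-user"; // constructed sample name
            subject.getPrincipals().add(p);
            return true;
        }
    }

    // Logs in through a one-module configuration and reports how many principals the Subject holds.
    static int principalsAfterLogin(Class<? extends LoginModule> module) throws Exception {
        Configuration cfg = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    module.getName(), LoginModuleControlFlag.REQUIRED, Map.of()) };
            }
        };
        LoginContext lc = new LoginContext("demo", null, null, cfg);
        lc.login(); // succeeds for both modules
        return lc.getSubject().getPrincipals().size();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("SilentModule principals: " + principalsAfterLogin(SilentModule.class));
        System.out.println("PopulatingModule principals: " + principalsAfterLogin(PopulatingModule.class));
    }
}
```

A successful `login()` therefore says nothing about the Subject's contents; client code that makes decisions from `getPrincipals()` should check what the configured modules actually add in `commit()`.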

          • 2. Re: J2EE Client Authenticated but Subject has no Principals
            michael_c_small

             

            The ClientLoginModule only started doing this as of jboss-3.2.4 ...


            I'm using the ClientLoginModule along with a custom server login module. The sessionContext.getCallerPrincipal() returns the principal I set in the commit phase of my custom server login module; the client's loginContext.getSubject().getPrincipals(), however, does not show that principal. It only shows the SimplePrincipal with the name passed to the NameCallback. Is there a way to have the ClientLoginModule's Subject synchronized with the custom server login module's Subject?