2 Replies Latest reply on Dec 7, 2004 11:37 AM by starksm64

Identity unknown during first call to ejb after login

teseling Dec 7, 2004 9:07 AM

Hello,

I am experiencing some strange security behaviour during the first call to an session bean after loggin in (using form based authentication and the database login module).

When I am trying to acces a secured web resource I am persented the login page and login. After this I am directed to the originally requested web resource (Struts action). So the web container agrees that the logged in user has the correct roles for acces to this resource.

Now I make a call from this action to a stateless session bean which looks up the name of the logged in user to do some processing (esing SessionContext.getCallerPrincipal().getName()). I was very suprised that it returned "anonymous"!

Anonymous is indeed the identity that I configured for unauthenticated users, but this user has allready logged in, therefore his identity should be known. Now when I call this method again, it DOES return the correct user identity "erwin" in this testcase???

Could you explain whether this could be a bug or what I could be doing wrong, because as far as I know the ejb container should return me the correct identity in both cases!?

1. Re: Identity unknown during first call to ejb after login

teseling Dec 7, 2004 9:09 AM (in response to teseling)

Sorry for not putting this info in the original post, but I am using JBoss 4.0
Actions
2. Re: Identity unknown during first call to ejb after login

starksm64 Dec 7, 2004 11:37 AM (in response to teseling)

Its a bug that has been fixed in the 4.0.1RC2 release.
Actions

Go to original post