I've an EJB "A" that has a security role defined. EJB "A" accesses a method in EJB "B" (through local interface) that does not have a security role defined. Within EJB "B" when I try to retrieve the Subject via SubjectSecurityManager's getActiveSubject method, it returns a null.
JBOSS version 4.0.2
EJB 3.0
Accessing Subject within EJB "B" :
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import org.jboss.security.SubjectSecurityManager;
Context ic = new InitialContext();
SubjectSecurityManager _subjectManager = (SubjectSecurityManager) ic.lookup("java:/jaas/" + "other"); // lookup the security domain
Subject subject = _subjectManager.getActiveSubject(); // returns null
EJB "A" has a security domain defined "java:/jaas/other".
Has anyone come across a situation when an EJB that does't have a security role associated tries to access Subject that was set by another EJB that has a security role defined?
Thanks for your help,
-Chakravarthy