Hi all, I'm Cuspide
I'm developing an application using JAAS. I wrote my login module, called PersonalModule (which implements the LoginModule interface), and my callback handler, called PersonalCallbackHandler (which implements the CallbackHandler interface). The PersonalModule executes a query against a Postgres database to verify the identity. I also wrote a session bean called ManagerShipBean. In the ManagerShipBean class, I implemented a method called foo(), and in the setSessionContext method I printed the SessionContext object (System.out.print(ctx.toString());).
In the ejb-jar.xml file I defined two roles: Admin and GenericUser. The Admin has all privileges, the GenericUser has none.
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>ManagerShip</ejb-name>
      <home>src.ManagerShip.ManagerShipHome</home>
      <remote>src.ManagerShip.ManagerShipRemote</remote>
      <ejb-class>src.ManagerShip.ManagerShipBean</ejb-class>
      ...
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role>
      <role-name>Admin</role-name>
    </security-role>
    <security-role>
      <role-name>GenericUser</role-name>
    </security-role>
    <method-permission>
      <role-name>Admin</role-name>
      <method>
        <ejb-name>ManagerShip</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
On the client side, I wrote:
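// Supplies the username and password to the login module
PersonalCallbackHandler handler = new PersonalCallbackHandler(names, password);
// "personal" is the name of the JAAS login configuration entry
LoginContext lc = new LoginContext("personal", handler);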
lc.login();
If the username and password are correct, it works; otherwise it throws an exception (LoginException).
Now here is my problem: how do I tell JBoss that the user is the Admin or the GenericUser? In fact, whichever user logs in to the system, when I create the ManagerShipBean, the setSessionContext method says that the user is anonymous.