Hi everybody,

I've developed a EJB3.0 Application; now I want to add security using JAAS.

The client is a rich Delphi application that comunicates with server via HTTP througth a servelt. This servlet has this login JAAS code:

loginContext = new LoginContext("GTSPDB", new MyCallbackHandler(user, password));
 loginContext.login();

where user and password come in the HTTP request. The user authentication works fine but when I call the sessioncontext getCallerPrincipal into the sessionbean and error raises:

12:31:11,304 TRACE [SecurityAssociation] getCallerPrincipal, principal=null
12:31:11,320 ERROR [STDERR] java.lang.IllegalStateException: No valid security context for the caller identity

I've declared the security context in login-config.xml

<application-policy name = "GTSPDB">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
 <module-option name="dsJndiName">java:/MySqlHibernate</module-option>
 <module-option name="principalsQuery">SELECT password FROM user WHERE name=?</module-option>
 <module-option name="rolesQuery">SELECT rolename,'Roles' FROM userrole WHERE userrole.username=?</module-option>
 </login-module>
 </authentication>
 </application-policy>

and tables in database are populated with these user and roles data.

I've read the "JAAS Howto: README FIRST" but I haven't found solution.

Why Principal is not propagated to sessionbean if login works¿? what am I doing wrong¿? am I missing something¿?

thanks very much for your help.

pedro.