-
1. Re: Principals from and Message Bean
adrian.brock Nov 29, 2003 5:33 AM (in response to mkprim)You must perform a JAAS login using the
"Client-Login" policy
Regards,
Adrian -
2. Re: Principals from and Message Bean
mkprim Dec 2, 2003 10:18 AM (in response to mkprim)I'm doing so, but i cannot get authenticated.
My client has a Client-Login module.
My server has a DatabaseServerLoginModule.
But whenever I try to access a SLSB from the onMessage, the server shows a "guest" role, even if I logged with another username-role
Thanks,
Marcelo -
3. Re: Principals from and Message Bean
adrian.brock Dec 4, 2003 7:52 AM (in response to mkprim)? Login on a client will have no affect on the mdb.
You need to login inside the mdb
Regards,
Adrian -
4. Re: Principals from and Message Bean
ftg314159 Dec 5, 2004 1:36 PM (in response to mkprim)I'd like to ask some follow-up questions on this topic.
I have the same problem as the poster - wanting to set the MDB caller Principal dynamically, in my case using a Subject with PrivateCredential passed in the message.
It occurred to me to do a JAAS login from the MDB, but it wasn't clear to me whether doing that would remove MDB restrictions from session bean code called from the MDB.
For example, it is illegal for an MDB to call getCallerPrincipal(). Does this change if the MDB does a JAAS login ? Will session bean methods called by the MDB after the JAAS login be able to call getCallerPrincipal() ?
Also, can the now-authenticated MDB use session beans described in its <ejb-local-ref> elements under the new Principal, or have these been pre-wired to the \<runAs\> Principal ? -
5. Re: Principals from and Message Bean
starksm64 Dec 6, 2004 1:00 PM (in response to mkprim)No, an mdb can never call getCallerPrincipal. Doing a jaas login is equivalent to a dynamic run-as assignment.
-
6. Re: Principals from and Message Bean
sappenin Oct 10, 2006 11:57 PM (in response to mkprim)Is this still true in the context of EJB3 and the RunAs annotation?
Scott Stark: "No, an mdb can never call getCallerPrincipal. Doing a jaas login is equivalent to a dynamic run-as assignment."
Thanks!
David