0 Replies Latest reply on Aug 30, 2007 4:51 PM by s j

    Classloader problem in principal propagation from WAR to EAR

    s j Newbie

      Reposting this question from Security forum as this could also be a deployment issue:

      I have a custom principal class which I want to use for SSO. I have a login service EJB (in an EAR) which creates this CustomPrincipal instance and returns the same to a client WAR when the client logs in to the web app.

      On further EJB invocations (which lie in the EAR which has the Login service also) from client WAR, the CustomPrincipal instance returned from the LoginService is set on the InitialContext's SECURITY_PRINCIPAL attribute:

      contextProperties.put(Context.SECURITY_PRINCIPAL, customPrincipal);
      contextProperties.put(Context.SECURITY_CREDENTIALS, customCredential);
      // ... other properties set here
      context = new InitialContext(contextProperties);

      On the server side (in the EAR), an EJB interceptor gets the Principal from the sessionContext and checks whether the Principal is an instance of CustomPrincipal:

      Principal principal = sessionContext.getCallerPrincipal();
      if (principal instanceof CustomPrincipal) {
          // do some logging and timing checks and continue
      } else {
          throw new Exception("Unsupported principal");
      }

      When I run the code, I get the Exception with the message "Unsupported Principal". The Principal I get is an instance of CustomPrincipal but its class loader is WebappClassLoader, whereas the CustomPrincipal (on the right side of the instanceof operator) class reference class loader is UnifiedClassLoader3. I am unable to understand the reason and fix for this.

      The CustomPrincipal class is in a JAR which is present inside both the EAR and the WAR file.

      My jboss-app.xml in the EAR is this:
      <?xml version="1.0"?>

      My jboss-web.xml in the WAR is this:
      <?xml version="1.0"?>

      Another point worth mentioning is that when the CustomPrincipal instance is created by the Login service the class loader is UnifiedClassLoader3. But when it's returned to the WAR, the class loader is WebappClassLoader.
      Please help.
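
The JVM identifies a class by its fully qualified name together with its defining class loader, so two copies of the same class file defined by different loaders are distinct types and `instanceof` between them is false. The following is an added example, not code from the original post, that reproduces the symptom outside any application server; `LoaderIdentityDemo`, `IsolatingLoader` and the nested `CustomPrincipal` stand-in are hypothetical names, and the class is assumed to be compiled with `javac` (Java 9 or later) and run from its class files.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.Principal;

public class LoaderIdentityDemo {
    // Stand-in for the post's CustomPrincipal (constructed for this example).
    public static class CustomPrincipal implements Principal {
        private final String name;
        public CustomPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Defines its own copy of one class instead of delegating to the parent,
    // as a second copy of the JAR under an isolated web-app loader would.
    static class IsolatingLoader extends ClassLoader {
        private final String target;
        IsolatingLoader(ClassLoader parent, String target) { super(parent); this.target = target; }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(target)) return super.loadClass(name, resolve);
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c == null) {
                    try (InputStream in = getParent().getResourceAsStream(name.replace('.', '/') + ".class")) {
                        if (in == null) throw new ClassNotFoundException(name);
                        byte[] bytes = in.readAllBytes();
                        c = defineClass(name, bytes, 0, bytes.length);
                    } catch (IOException e) {
                        throw new ClassNotFoundException(name, e);
                    }
                }
                if (resolve) resolveClass(c);
                return c;
            }
        }
    }

    public static void main(String[] args) throws Exception {
        String cn = CustomPrincipal.class.getName();
        ClassLoader appLoader = LoaderIdentityDemo.class.getClassLoader();
        // Second definition of the same bytes under a different defining loader.
        Class<?> copy = new IsolatingLoader(appLoader, cn).loadClass(cn);
        Object p = copy.getConstructor(String.class).newInstance("alice");

        System.out.println("same class name:           " + p.getClass().getName().equals(cn));
        System.out.println("same Class object:         " + (p.getClass() == CustomPrincipal.class));
        System.out.println("instanceof CustomPrincipal: " + (p instanceof CustomPrincipal));
        System.out.println("instanceof Principal:       " + (p instanceof Principal));
        System.out.println("defining loaders: " + p.getClass().getClassLoader() + " vs " + appLoader);
    }
}
```

The check against `java.security.Principal` still succeeds because that interface is defined once by a loader both copies delegate to; a type check only holds across deployments when a single loader visible to both sides defines the class.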