1 Reply Latest reply on Dec 23, 2009 9:58 AM by sanches

    JAAS LoginModule is invoked for authentication even when MDB is annotated with @RunAs

    sanches

      Hello All,

       

      I use custom written JAAS LoginModule for the authorization in my EAR.


      I annotated MDB with @RunAs

      Secured stateless bean's method is invoked from onMessage() callback.

      When invocation of SLSB takes place, container firstly invokes my own LoginModule and tries to perform authentication.

       

      Is that normal and intended behavior? (I thought that @RunAs annotation should tell container to skip authentication)

       

      My implementation of LoginModule is based on UsernamePasswordLoginModule, which basically fails in its UsernamePasswordLoginModule.login() and propagates exception up to resulting "javax.ejb.EJBAccessException: Invalid User"

       

      Thus, invocation of secured EJB fails although MDB is annotated with @RunAs.

       

      If the behavior to invoke LoginModule is as intended, then does it [class LoginModule] have any means to detect that @RunAs directive is attached?

       

      Thank you,

      Alex.