JBoss 4.2.1: How to propagate authorization from web to EJB

sergerus Nov 22, 2010 7:32 AM

Hello!

I'm using JBoss 4.2.1 and I have multitier application. In web part I'm using container-based authorization (web.xml, login form). In EJB part I'm using container-based authorization too with @RolesAllowed annotation. Ok. When I login into application I get all my principal/roles. But if somebody else login after me - he get my principal and roles in secured methods. In unsecure methods he get own principal/roles.

Help please.

1. Re: JBoss 4.2.1: How to propagate authorization from web to EJB

welle Nov 22, 2010 7:57 AM (in response to sergerus)

Should work... Seems like a bug. Can you provide a testcase?
Actions
2. Re: JBoss 4.2.1: How to propagate authorization from web to EJB

sergerus Nov 25, 2010 5:00 AM (in response to welle)

Oh. Pardon me please! It was my mistake. I'm using Eclipse RAP framework, it use global ThreadPool. So security context correct propagate from parent to child thread, but there is no guarantee that parent and child context are equals.

Many thanks!
Actions

Go to original post