1 Reply Latest reply on Feb 14, 2011 9:34 AM by robinsri

    A clustered EJB calling a local EJB is not propagating the caller principal

    robinsri

      I have found what looks like a problem in propagating the caller principal from one EJB to another local EJB that's in the same JBoss security-domain. This only happens with a clustered JBoss setup and works if non-clustered. I am about to dig further into a simple test case which will reproduce the problem but, before I do, would appreciate some feedback on whether this is a known/fixed problem or if I'm doing something wrong.

       

The situation is this: the EJBs' security-domain has a JAAS login that doesn't initially know the username (it's interpreting a Kerberos ticket) so the login is done with a place-holder name, "KerberosUser", and the password is a base-64 encoded Kerberos ticket. The login succeeds and the subject is set up with a few principals:

       

      1) the name of the user (fetched from the ticket), say, "Alice"

      2) a java.security.acl.Group named "CallerPrincipal" which has a single member inside which is a principal for the user "Alice"

3) a java.security.acl.Group named "Roles" which has members inside for groups this user is a member of

       

      The special "CallerPrincipal" principal in (2) is a mechanism to get JBoss to change the caller principal name from the login name, "KerberosUser", to another name, "Alice".

       

This EJB, call it EJB1, can call getCallerPrincipal and the returned value is the expected "Alice". The problem arises, however, when EJB1 calls another local EJB, call it EJB2. When EJB2 calls getCallerPrincipal, the returned value is "KerberosUser" and not the expected user. In other words the Group "CallerPrincipal" in (2) doesn't appear to be working.

       

      I put some debugging println's in my EJBs and found also that EJB1 had the expected subject returned from a SecurityAssociation.getSubject call but the same call from EJB2 returned a null. This isn't really an issue for me but thought it interesting.

       

      I might add too, that this problem happens on both 4.0.5 and 4.2.3 JBoss. I have not yet tried later versions but am working on it.

       

      Regards,

      Rick
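The Subject layout described in the post, and the way a "CallerPrincipal" group is meant to override the login name, as an added example that is not code from this thread or from JBoss. It assumes a minimal Principal/Group pair as a stand-in for JBoss's org.jboss.security.SimplePrincipal and SimpleGroup (java.security.acl.Group, which JBoss 4.x used, was removed in JDK 14), and a constructed user "Alice" with constructed roles. resolveCallerPrincipal mirrors the convention the post relies on: if a Subject carries a "CallerPrincipal" group, its first member is the caller; with no Subject at all, the name used at login is what comes back, which is the "KerberosUser" result EJB2 reported.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;

/*
 * Added example, not code from the thread. Models the Subject the post's
 * login module builds and the "CallerPrincipal" override convention.
 * SimplePrincipal/SimpleGroup below are stand-ins (assumption) for JBoss's
 * org.jboss.security classes; java.security.acl.Group is gone since JDK 14.
 */
public class CallerPrincipalDemo {

    /** Named principal, compared by name, like JBoss's SimplePrincipal. */
    static class SimplePrincipal implements Principal {
        private final String name;
        SimplePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof Principal && name.equals(((Principal) o).getName());
        }
        @Override public int hashCode() { return name.hashCode(); }
        @Override public String toString() { return name; }
    }

    /** Named group of principals, like JBoss's SimpleGroup. */
    static class SimpleGroup extends SimplePrincipal {
        private final List<Principal> members = new ArrayList<>();
        SimpleGroup(String name) { super(name); }
        void addMember(Principal p) { members.add(p); }
        List<Principal> members() { return Collections.unmodifiableList(members); }
    }

    static final String LOGIN_NAME = "KerberosUser";   // placeholder name sent at login
    static final Principal LOGIN_PRINCIPAL = new SimplePrincipal(LOGIN_NAME);

    /**
     * Builds the Subject the way the post describes:
     *  1) a principal for the real user (taken from the ticket),
     *  2) a "CallerPrincipal" group whose single member is that user,
     *  3) a "Roles" group listing the user's groups.
     */
    static Subject buildSubject(String realUser, String... roles) {
        Subject subject = new Subject();
        Set<Principal> principals = subject.getPrincipals();
        Principal user = new SimplePrincipal(realUser);
        principals.add(user);

        SimpleGroup caller = new SimpleGroup("CallerPrincipal");
        caller.addMember(user);
        principals.add(caller);

        SimpleGroup roleGroup = new SimpleGroup("Roles");
        for (String r : roles) roleGroup.addMember(new SimplePrincipal(r));
        principals.add(roleGroup);
        return subject;
    }

    /**
     * What getCallerPrincipal() should report. A present Subject with a
     * "CallerPrincipal" group yields that group's first member; a missing
     * Subject (the EJB2 case: no security-domain, SecurityAssociation.getSubject()
     * returned null) falls back to the login name.
     */
    static Principal resolveCallerPrincipal(Subject subject, Principal loginPrincipal) {
        if (subject != null) {
            for (SimpleGroup g : subject.getPrincipals(SimpleGroup.class)) {
                if ("CallerPrincipal".equals(g.getName()) && !g.members().isEmpty()) {
                    return g.members().get(0);
                }
            }
        }
        return loginPrincipal;
    }

    /** Role check against the "Roles" group, as isCallerInRole() would do. */
    static boolean isCallerInRole(Subject subject, String role) {
        if (subject == null) return false;
        for (SimpleGroup g : subject.getPrincipals(SimpleGroup.class)) {
            if ("Roles".equals(g.getName()) && g.members().contains(new SimplePrincipal(role))) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        Subject alice = buildSubject("Alice", "admins", "users");   // constructed sample

        // EJB1: Subject propagated within the security-domain -> "Alice", roles intact
        System.out.println("EJB1 sees: " + resolveCallerPrincipal(alice, LOGIN_PRINCIPAL));
        System.out.println("EJB1 in admins? " + isCallerInRole(alice, "admins"));

        // EJB2 with no security-domain: Subject lost -> "KerberosUser", no roles
        System.out.println("EJB2 sees: " + resolveCallerPrincipal(null, LOGIN_PRINCIPAL));
        System.out.println("EJB2 in admins? " + isCallerInRole(null, "admins"));
    }
}
```

Run with `java CallerPrincipalDemo.java` on JDK 11 or later. The second pair of lines is the point: once the Subject is gone, not only the caller name but every role the login module attached to it is gone too, so a method-permission check in the downstream bean would deny (or, with no security-domain at all, never run) rather than fail loudly.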

        • 1. Re: A clustered EJB calling a local EJB is not propagating the caller principal
          robinsri

Solved the problem. The issue was with the jboss.xml deployment descriptor for the EJBs. The old jboss.xml had the security-domain set for the clustered EJBs something like this...

           

<container-configurations>
    <container-configuration>
        <container-name>Clustered Stateless SessionBean</container-name>
        <security-domain>java:/jaas/MyEjbConfig</security-domain>
    </container-configuration>
</container-configurations>

           

Unfortunately this didn't set the security-domain for non-clustered EJBs so it was left undefined. When the clustered EJB, which was in MyEjbConfig, called a non-clustered EJB, the security-domain became undefined and all context, other than the original login user name, "KerberosUser", was lost.

           

          The fix was to define a security-domain for the non-clustered EJBs, like this...

           

<container-configurations>
    <container-configuration>
        <container-name>Clustered Stateless SessionBean</container-name>
        <security-domain>java:/jaas/MyEjbConfig</security-domain>
    </container-configuration>
    <container-configuration>
        <container-name>Standard Stateless SessionBean</container-name>
        <security-domain>java:/jaas/MyEjbConfig</security-domain>
    </container-configuration>
</container-configurations>


          Thanks and sorry for the false alarm,

          Rick