Hi folks,
I just downloaded the new JBoss Version
2.4.1_Tomcat-3.2.3. I deployed the our application which worked out fine with JBoss 2.4.0_Tomcat-3.2.3.
The following piece of code shows the usage of the getCallerPrincipal method in our application:
Principal principal = null;
if (!MessageDrivenContext.class.isAssignableFrom(_ejbCtx.getClass())) {
try{
principal = ejbCtx.getCallerPrincipal();
}
catch(Exception ignore){}
}
if (principal != null)
_userName = principal.getName();
else
_userName = DEFAULT_USERNAME;
System.out.println("Principal.getName() is: " + principal.getName());
System.out.println("userName is: " + _userName);
The method call principal.getName() returns null, but in my opinion it should return the String "system" (- the default CallerPrincipal of EJBs if no explicit username was given.)
Is this a bug in the new JBoss version ? I can't remember that the EJB specification was changed again.
There is no standard default user named "system" defined in the EJB spec and JBoss has never had this notion so what is the security configuration of the EJB and the JAAS login configuration for the security-domain?