3 Replies Latest reply on Nov 10, 2017 1:16 AM by Kather oli Abdul Rahim

    Roles are not injected to Web socket session.

    Kather oli Abdul Rahim Newbie

      I have created my application on top of JBoss Wildfly 8.2. I use same JAAS authentication to authenticate both HTTP connection & Web Socket connection. As part login process, set of roles is injected to the authenticated session.

      I have a EJB method with roles allowed annotation. When I try to access the bean method using JNDI lookup, If the method call is triggered from HTTP session (Servlet or struts action), JBoss allowed it. But if the method is invoked from Web socket server end point, JBoss throws EJBAccessException. I believe the roles are not injected into the Web socket session context.

       

      Note: For servlet and struts action, I use FORM authentication. For web socket, I use BASIC authentication.

       

      Can any one help on this?

       

      Thanks in advance.