0 Replies Latest reply on Sep 22, 2010 5:50 AM by anarb

    Propagate security context with JBoss 5

    anarb

      Hello.

      I have a client/server application with JBoss and many stateless session beans 2.1.

      I have written JAAS authentication with my own LoginModule class, and I propagate the security context by sending the authenticated principal to the EJB stub:



      public class MyLoginModule extends ClientLoginModule {
          ...
          public boolean login() throws LoginException {
              ...
              String user = ...
              String password = ...
              MyPrincipal myprincipal = new MyPrincipal(user, password);
              SecurityAssociation.setPrincipal((java.security.Principal) myprincipal);
              SecurityAssociation.setCredential(password);
              SecurityAssociation.setSubject(subject);
              ...





      This is the object myprincipal:

      public class MyPrincipal extends SimplePrincipal implements Serializable {
          ...
          public MyPrincipal(String user, String password) {
              super(user);
              this.password = password;
          }
          ...


      This way I can obtain the authenticated principal on the server side:

      MyPrincipal myPrincipal = (MyPrincipal) this.sessionContext.getCallerPrincipal();



      Everything is OK with JBoss versions 4.X.X; the last version I used was 4.2.3. The application runs as a standalone application with a launcher (.bat or .sh) or with Web Start.

      I tried to update to JBoss 5.1.0 and the standalone application works well, but when I run it with Web Start and obtain the authenticated principal in my EJB, I get "anonymous".

      I tried EJB 3 and JBoss 6, and the problem persists.

      In forums I see a line of code that I don't have in my LoginModule class:

      SecurityAssociation.setServer();



      With this line of code I get the principal object only for the first EJB object I create; the following EJBs I create get "anonymous". This occurs with the .bat launcher and with Web Start.



      Am I doing something wrong? How can I propagate the security context with Web Start and JBoss 5.0.1?



      Thanks, and sorry if my English is poor.