0 Replies Latest reply on Sep 22, 2010 5:50 AM by Ana RB

    Propagate security context with Jboss 5

    Ana RB Newbie


      I have a client/server application with Jboss and many stateless session bean 2.1.

      I have wroten JAAS authentication with my own LoginModule class, y  propagate the security context sending the authenticated principal to  the EJB stub:

      public class MyLoginModule extends ClientLoginModule {


      public boolean login() throws LoginException {


      String user = ...

      String  password = ...

      MyPrincipal myprincipal = new MyPrincipal (user, password);

      SecurityAssociation.setPrincipal((java.security.Principal) myprincipal);




      This is the object myprincipal:

      public class MyPrincipal extends SimplePrincipal implements Serializable {


      public MyPrincipal (String user, String password)



      this.password = password;



      By this way i can obtain the authenticated principal in the server side:

      MyPrincipal myPrincipal= (MyPrincipal)this.sessionContext.getCallerPrincipal();

      Everything is OK with Jboss versions 4.X.X, the last version i used was  4.2.3. The application executes with a standalone application with a  launcher (.bat or .sh) or with web start.

      I try to update with Jboss 5.1.0 and the standalone application  functions well, but when i execute wiht web start and i obtain the  authenticated principal in my ejb, i get "anonymous".

      I try EJB 3, Jboss 6 and the problem persists.

      In forums i see a line of code that i don't have in my LoginModule class:


      With this line of code i get the principal object only for the first ejb  object i create, the following ejb's i create get "anonymous". This  occurs with .bat launcher and with web start.

      ¿Am i doing something wrong? ¿How can i propagate the security context with web start and Jboss 5.0.1?

      Thanks and Sorry if my english is poor.