Hello.
I have a client/server application with JBoss and many EJB 2.1 stateless session beans.
I have written JAAS authentication with my own LoginModule class, and I propagate the security context by sending the authenticated principal to the EJB stub:
    public class MyLoginModule extends ClientLoginModule {
        ...
        public boolean login() throws LoginException {
            ...
            String user = ...
            String password = ...
            MyPrincipal myprincipal = new MyPrincipal(user, password);
            SecurityAssociation.setPrincipal((java.security.Principal) myprincipal);
            SecurityAssociation.setCredential(password);
            SecurityAssociation.setSubject(subject);
            ...
This is the object myprincipal:
    public class MyPrincipal extends SimplePrincipal implements Serializable {
        ...
        public MyPrincipal(String user, String password)
        {
            super(user);
            this.password = password;
        }
        ...
This way I can obtain the authenticated principal on the server side:
    MyPrincipal myPrincipal = (MyPrincipal) this.sessionContext.getCallerPrincipal();
Everything is OK with JBoss versions 4.X.X; the last version I used was 4.2.3. The application runs as a standalone application with a launcher (.bat or .sh) or with Web Start.
I tried to update to JBoss 5.1.0 and the standalone application works well, but when I run it with Web Start and obtain the authenticated principal in my EJB, I get "anonymous".
I tried EJB 3 and JBoss 6, and the problem persists.
In forums I saw a line of code that I don't have in my LoginModule class:
    SecurityAssociation.setServer();
With this line of code I get the principal object only for the first EJB object I create; the following EJBs I create get "anonymous". This occurs with the .bat launcher and with Web Start.
Am I doing something wrong? How can I propagate the security context with Web Start and JBoss 5.0.1?
Thanks, and sorry if my English is poor.