How/Where were you using that class in previous versions?
We are using the principal for cross-cutting concerns like user, mandator, version, etc.
We are using the following methods for our security on a rich client or Seam web frontend
On the server side we are using the following methods to evaluate these values by @SecurityDomain and @RolesAllowed:
After I read the painful thread: "jboss-as-client 7.0.0.CR1?"
It is clear - which means for our project: No JBoss 7.0
I am still wondering what happened to the SecurityAssociation.
I was using it to get and manipulate the current caller principal in the current context in an EJB.
Is there a different way to retrieve and set the current principal and its credential?
Can anybody help me?
To actually set these values you can still use the ClientLoginModule to make the association so that it can be used for authentication on the next call.
For the authentication stage is there a reason you can't just supply your own login module to perform the verification?
We have our own login module, but we are using the principal to transport cross-cutting concern information. E.g. multi-client capability, which decides in a Hibernate interceptor which database schema is used.
Does anybody know how to access the current principal in the context?
With the availability of JBoss 7.1-B1, I came back to evaluate the migration effort from JBoss 4 to 7.
I am still facing the problem of the missing SecurityAssociation. I've searched around for hours, but I found nothing.
I am setting the caller principal in a Servlet (or RMI Client) by contextProperties.put(Context.SECURITY_PRINCIPAL, ...)
I have an interceptor which modifies each SQL Database call with the principal-coded dependent db-schema.
Before, we used SecurityAssociation.getPrincipal() - How can I get the current caller principal without the SecurityAssociation?
ejbcontext.getCallerPrincipal() is not delivering the principal which was set in the calling context. It delivers anonymous.
Our DatabaseLoginModule is also using the SecurityAssociation.getPrincipal and SecurityAssociation.getCredential().
Unfortunately I did not find much documentation about security and JBoss 7.
I appreciate any help.
I think it is now "SecurityContextAssociation". I don't know if it has all the "old" features, but it has some of them.
I hope it helps someone.
JBoss AS7.x security is built on PicketBox. You may have more luck over there.
Also, if you have a look at the discussion "@RolesAllowed, @DenyAll require presence of org.jboss.ejb3.annotation.SecurityDomain?" you will find useful information on properly setting up the security domain in the jboss-ejb3.xml file, which replaces the old jboss.xml file. Additionally I posted some code that does some Arquillian based integration testing of security elements by performing a JAAS login.
The ClientLoginModule used in AS7.1CR1b is found in the picketbox-4.0.6.Beta2.jar. There's a source jar for this in the maven repository.
The fact that you're getting anonymous as the caller principal tells me that you need to update your login module. My test code did exactly that until I included the ClientLoginModule in my javax.security.auth.login.Configuration object.
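The last reply mentions putting the ClientLoginModule into a javax.security.auth.login.Configuration object. The following is an added sketch of that idea, not code from any poster in this thread; the class name ClientLoginExample, the configuration name "client-login" and the helper method names are assumptions, and the PicketBox jar must be on the classpath when login() runs.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class ClientLoginExample {
    // PicketBox module named in the thread, referenced by name so this compiles with the JDK alone.
    static final String CLIENT_LOGIN_MODULE = "org.jboss.security.ClientLoginModule";

    /** Programmatic JAAS configuration with one entry, replacing an auth.conf file. */
    static Configuration clientConfiguration() {
        Map<String, Object> options = new HashMap<>();
        options.put("multi-threaded", "true");         // keep the association per thread
        options.put("restore-login-identity", "true"); // logout() restores the previous identity
        final AppConfigurationEntry entry = new AppConfigurationEntry(
                CLIENT_LOGIN_MODULE, LoginModuleControlFlag.REQUIRED, options);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    /** Binds user and password to the calling thread; the caller must logout() in a finally block. */
    static LoginContext login(final String user, final char[] password) throws LoginException {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
        // A null Subject lets JAAS create a fresh one; the explicit Configuration bypasses the global one.
        LoginContext context = new LoginContext("client-login", null, handler, clientConfiguration());
        context.login();
        return context;
    }
}
```

The ClientLoginModule performs no authentication itself; it only associates the supplied principal and credential with the caller so the server-side security domain can verify them on the next invocation. Calling logout() after the EJB call keeps the identity from leaking to the next task on a pooled thread.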