1 Reply Latest reply on Oct 7, 2011 8:05 AM by ccob

    Problem propagating WS-Security to EJB3 security

    ccob Newbie

      Hi,

       

      I am in the process of moving an AS6-compatible project over to AS7.  Part of this project involves an EJB3-based web service with WS-Security, SecurityDomain and RolesAllowed for method security.

       

      I have a custom CXF interceptor that handles the authentication using PicketBox via SecurityFactory.establishSecurityContext.  From this I then get a SecurityContext and finally an AuthenticationManager.

       

      Authenticating with the AuthenticationManager works via the configured SecurityDomain within standalone.xml via the DatabaseServerLoginModule, but I am having problems propagating the subject down to EJB3 security.  On AS6 I used the SecurityAdaptor.pushSubjectContext method, but the method doesn't exist on AS7.

       

      How should one propagate a subject authenticated via AuthenticationManager down to EJB3?  Currently I still get an EJBAccessException.

       

      Thanks.

        • 1. Re: Problem propagating WS-Security to EJB3 security
          ccob Newbie

          I figured it out in the end, just in case others would like to know the answer.  Initially I was using

           

          SecurityFactory.establishSecurityContext("securitydomain");
          

           

          to retrieve a SecurityContext to make a call to

           

          getUtil().createSubjectInfo(principal, password, subject);
          

           

          But this didn't seem to propagate down to EJB and the principal still ended up being the anonymous principal name.  By using

           

          SecurityContextAssociation.getSecurityContext();
          

           

          to retrieve the SecurityContext instead of using the SecurityFactory's establishSecurityContext method, and then calling createSubjectInfo as before, the principal propagates correctly as expected.
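
The fix described in the reply above, put together as an added example (not the poster's code): authenticate against the SecurityContext already associated with the request thread, and populate its subject info only when authentication succeeds. The class and method names are hypothetical, and it assumes the thread's context belongs to the security domain configured in standalone.xml and that the interceptor has already extracted the WS-Security username and password.

```java
import java.security.Principal;
import javax.security.auth.Subject;

import org.jboss.security.AuthenticationManager;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SimplePrincipal;

// Hypothetical helper, called from the custom CXF interceptor once the
// WS-Security username and password have been read from the message.
public final class SubjectPropagation {

    private SubjectPropagation() {
    }

    public static Subject authenticateAndPropagate(String username, String password) {
        // Use the context already bound to the request thread. In the thread
        // above, a context obtained from SecurityFactory.establishSecurityContext
        // did not carry the principal down to the EJB layer.
        SecurityContext context = SecurityContextAssociation.getSecurityContext();
        if (context == null) {
            throw new SecurityException("No SecurityContext associated with this thread");
        }

        Principal principal = new SimplePrincipal(username);
        Subject subject = new Subject();

        // Assumption: this context's AuthenticationManager is backed by the
        // security domain (and login module) configured in standalone.xml.
        AuthenticationManager manager = context.getAuthenticationManager();
        if (manager == null || !manager.isValid(principal, password, subject)) {
            // Fail closed: never populate subject info for a caller that did
            // not authenticate, or @RolesAllowed checks would run against it.
            throw new SecurityException("Authentication failed");
        }

        // Same call as in the reply, made on the thread-associated context so
        // the EJB3 security checks see this principal instead of anonymous.
        context.getUtil().createSubjectInfo(principal, password, subject);
        return subject;
    }
}
```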