0 Replies Latest reply on Mar 13, 2012 11:37 AM by jsofti

    EjbContext CallerPrincipal is always anonymous

    jsofti Newbie



      we're trying to setup a ldap authentication with the AS7.1 and we need help


      We manged it to authenticate with our ldap server, but now we have the problem, that  when we call ejbContext.getCallerPrincipal().getName() the result always is "anonymous".


      It seems that the login name isn't propagated correctly to the EjbContext, is that a bug or are we doing something wrong?


      Thank you for any help.



                  <security-realm name="ManagementRealm">
                          <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                  <security-realm name="ApplicationRealm">
                          <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                  <security-realm name="TestRealm">
                          <ldap connection="ldap://xxxxx:xxx" base-dn="ou=xxx,dc=dev,dc=xx">
                              <advanced-filter filter="(sAMAccountName={0})"/>
                     <security-domain name="xxx_ldap_domain" cache-type="default">
                              <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
                                  <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                                  <module-option name="java.naming.provider.url" value="ldap://xxxxx:xxx"/>
                                  <module-option name="java.naming.security.authentication" value="simple"/>
                                  <module-option name="searchTimeLimit" value="5000"/>
                                  <module-option name="principalDNSuffix" value="@xxx"/>
                                  <module-option name="searchScope" value="ONELEVEL_SCOPE"/>
                                  <module-option name="realm" value="TestRealm"/>



      public void doLogin() {
          try {
              CallbackHandler handler = new UserPassHandler(this.userName, this.pass);
              LoginContext lc = new LoginContext("xxx_ldap_domain", handler);
              getLogger().debug("login called");
              getLogger().debug("login ok " + lc.getSubject().toString());
              ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
          } catch (Exception e) {
              getLogger().fatal("Login failed", e);


      class UserPassHandler implements CallbackHandler {
          private String user, pass;
          private UserPassHandler(String user, String pass) {
              this.user = user;
              this.pass = pass;
          public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
              for (int i = 0; i < callbacks.length; i++) {
                  if (callbacks[i] instanceof NameCallback) {
                      NameCallback nc = (NameCallback) callbacks[i];
                  } else if (callbacks[i] instanceof PasswordCallback) {
                      PasswordCallback pc = (PasswordCallback) callbacks[i];
                  } else {
                      throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");



      Sample call (EJB)




      EJBContext ctx;

      public void logCaller(){
          Principal p = ctx.getCallerPrincipal();
          if (p != null) {
              String name = p.getName();
              getLogger().debug("ejbContext: " + name);