7 Replies Latest reply on Aug 17, 2012 8:03 AM by sebbay

Local ejb calls are always 'anonymous' even with JAAS login before the invocation

michael_gronau Jun 25, 2012 9:33 AM

Hello,

I'm investigating in a litte problem with JBoss 7.2.x. I have some kind of timer service running as a mbean which calls a local ejb. Therefore the service performs a JAAS login with a custom login module and then calls the ejb. But as far as I can see the username in the ejb's session context is always 'anonymous' because the SimpleSecurityManager only creates a correct security context, when the call to the ejb comes from a remote client. Is this a bug?

With best regards,

Michael

1. Re: Local ejb calls are always 'anonymous' even with JAAS login before the invocation

sfcoy Jun 28, 2012 5:40 AM (in response to michael_gronau)

I think you need to authenticate with the same security realm that the EJB is using. You may find some clues by having a look at Testing secured EJBs on JBoss AS7.1.x with Arquillian.
Actions
2. Re: Local ejb calls are always 'anonymous' even with JAAS login before the invocation

michael_gronau Jun 28, 2012 5:58 AM (in response to sfcoy)

I do so, but its not working because, as i said, the SimpeSecurityManager only sets up a correct security context, if the RemotingContext is set.
Actions
3. Re: Local ejb calls are always 'anonymous' even with JAAS login before the invocation

jaikiran Jun 28, 2012 6:03 AM (in response to michael_gronau)

Michael, we'll need some application code to look at to really make sure we fix this the right way (if at all it turns out to be a bug). Like I mentioned in the https://issues.jboss.org/browse/AS7-5075 JIRA, the code need not be fully functional, but relevant snippets should be fine.
Actions
4. Re: Local ejb calls are always 'anonymous' even with JAAS login before the invocation

michael_gronau Jun 28, 2012 6:16 AM (in response to jaikiran)

Hi Jaikiran,

please give me a little bit more time :-) I will try to create some simple classes for you to reproduce it. Maybe I find, what i'm doing wrong during this process.
Actions
5. Re: Local ejb calls are always 'anonymous' even with JAAS login before the invocation

jaikiran Jun 28, 2012 6:34 AM (in response to michael_gronau)

Michael Gronau wrote:

Hi Jaikiran,

please give me a little bit more time :-)
No hurry, take your time :-)
Actions
6. Re: Local ejb calls are always 'anonymous' even with JAAS login before the invocation

michael_gronau Jul 2, 2012 7:13 AM (in response to jaikiran)

So,
thanks to Darran Lofthouse the solution is to configure the ClientLoginModule for authentication.

Sorry for any inconvenience.

Michael.
Actions
7. Re: Local ejb calls are always 'anonymous' even with JAAS login before the invocation

sebbay Aug 17, 2012 8:03 AM (in response to michael_gronau)

Hey Michael,

Can you please tell me, how to configure the ClientLoginModule?

Best regards,
Sebastian
Actions

Go to original post