0 Replies Latest reply on Apr 22, 2013 3:36 AM by egspjf

    SecurityContextAssociation gets cleared when accessing a war

    egspjf Newbie

      Hi,

       

      We are deploying an ear and a war on JBoss 7 AS. We are able to login to the application (ear) and conduct transactions. We use the SecurityContextAssociation to set the principal. We access the web application from a browser. After doing this, our application throws exception. This is because EJBContext.getCallerPrincipal() no longer returns an instance of our principal but jboss SimplePrincipal . On debugging, we found that the call to the web server is setting a new SecurityContext. It's been done by SecurityContextAssociationValve.

       

      How can we prevent the SecurityContext from getting cleared and a new one being set when the web application is accessed ?

       

      regards

      egspjf