8 Replies Latest reply on Oct 8, 2013 5:35 PM by Rodney Kite

    Invalid User when calling session bean methods using the CallerIdentityLoginModule.

    Rodney Kite Newbie

        I have JAAS security set up so when a session bean is called from the web tier the database connection uses the users login and password via org.picketbox.datasource.security.CallerIdentityLoginModule to access the database.  This works great with JBoss 7.1.1.    In Wildfly 8 Alpha 4 I use the same setup.  Session bean calls use org.jboss.security.ClientLoginModule to set their principle and credential before bean invocations.   The Session bean lookup works fine but on invocation of a method I get javax.ejb.EJBAccessException: JBAS013323: Invalid User.  I have been using one Role for the entire application to implement this.  It does not appear the session bean methods recognize that the caller is the correct role.  If a PermitAll is added to a session beans method then the the invocation of the method succeed.       

       

        Is there a difference in JAAS setup of Wildfly?  Is this a Wildfly bug or is this a feature that has not been implemented yet?    I have been using this basic setup since JBoss 4.0.x and it has worked fine. 

        • 1. Re: Invalid User when calling session bean methods using the CallerIdentityLoginModule.
          jaikiran pai Master

          Please post the relevant code and the entire exception stacktrace.

           

          P.S: While posting code, xml or log, remember to use the syntax highlighter formatting which is available in the advanced editor (click the "Use advanced editor" on top right corner of the reply window)

          • 2. Re: Re: Invalid User when calling session bean methods using the CallerIdentityLoginModule.
            Rodney Kite Newbie

            standalone.xml  additions

             

             

            <datasource jndi-name="java:/jdbc/mpsIIDB" pool-name="jdbc/MPSIIDB" enabled="true">
                <connection-url>jdbc:jtds:sqlserver://Belvtssdfuranus:1433/MPSII</connection-url>
                <driver>jtds</driver>
                <security>
                  <security-domain>SqlServerDbRealm</security-domain>
                </security>
            </datasource>
            

             

            <security-domains>
                <security-domain name="mps-client-login" cache-type="default">
                    <authentication>
                        <login-module code="org.jboss.security.AltClientLoginModule" flag="required"/>
                    </authentication>
            </security-domain>
            

             

            <security-domain name="SqlServerDbRealm" cache-type="default">
                  <authentication>
                       <login-module code="mps.security.authentication.MpsSecureCallerIdentityLoginModule" flag="required" module="mps.security">
                           <module-option name="userName" value="mps_web"/>
                           <module-option name="password" value="-7034c4d611d93b8b515a0a1d12f9517b1be41cfcad87376470b14e07efd20935"/>
                           <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=jdbc/MPSIIDB"/>
                           <module-option name="OverwriteSessions" value="true"/>
                       </login-module>
                   </authentication>
                </security-domain>
            </security-domains>
            

             

            Web Tier Client Code blows up with the following exception on session bean call

            Properties externalServerProperties = userManager30.readMpsAppServersProperties();

             

             

            19:43:46,479 ERROR [org.jboss.as.ejb3.invocation] (default task-3) JBAS014134: EJB Invocation failed on component UserManager30Bean for method public abstract java.util.Properties mil.tis.user.UserManager30.readTisAppServersProperties(): javax.ejb.EJBAccessException: JBAS013323: Invalid User
                at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:65) [wildfly-ejb3-8.0.0.Alpha4.jar:8.0.0.Alpha4]
                at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45) [wildfly-ejb3-8.0.0.Alpha4.jar:8.0.0.Alpha4]
                at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25]
                at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:88) [wildfly-ejb3-8.0.0.Alpha4.jar:8.0.0.Alpha4]
                at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
                at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64) [wildfly-ejb3-8.0.0.Alpha4.jar:8.0.0.Alpha4]
                at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
                at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [wildfly-ejb3-8.0.0.Alpha4.jar:8.0.0.Alpha4]
                at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
                at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
                at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
                at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:55) [wildfly-ejb3-8.0.0.Alpha4.jar:8.0.0.Alpha4]
                at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
                at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:55)
                at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
                at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:325)
                at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:428)
                at org.wildfly.security.manager.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:63)
                at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
                at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:325)
                at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25]
                at org.jboss.invocation.PrivilegedInterceptor.processInvocation(PrivilegedInterceptor.java:75)
                at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)
                at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
                at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
                at org.jboss.as.ejb3.remote.LocalEjbReceiver.processInvocation(LocalEjbReceiver.java:248) [wildfly-ejb3-8.0.0.Alpha4.jar:8.0.0.Alpha4]
                at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:181) [jboss-ejb-client-2.0.0.Beta3.jar:2.0.0.Beta3]
                at org.jboss.ejb.client.EJBObjectInterceptor.handleInvocation(EJBObjectInterceptor.java:58) [jboss-ejb-client-2.0.0.Beta3.jar:2.0.0.Beta3]
                at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:183) [jboss-ejb-client-2.0.0.Beta3.jar:2.0.0.Beta3]
                at org.jboss.ejb.client.EJBHomeInterceptor.handleInvocation(EJBHomeInterceptor.java:83) [jboss-ejb-client-2.0.0.Beta3.jar:2.0.0.Beta3]
                at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:183) [jboss-ejb-client-2.0.0.Beta3.jar:2.0.0.Beta3]
                at org.jboss.ejb.client.TransactionInterceptor.handleInvocation(TransactionInterceptor.java:42) [jboss-ejb-client-2.0.0.Beta3.jar:2.0.0.Beta3]
                at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:183) [jboss-ejb-client-2.0.0.Beta3.jar:2.0.0.Beta3]
                at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:125) [jboss-ejb-client-2.0.0.Beta3.jar:2.0.0.Beta3]
                at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:183) [jboss-ejb-client-2.0.0.Beta3.jar:2.0.0.Beta3]
                at org.jboss.ejb.client.EJBInvocationHandler.sendRequestWithPossibleRetries(EJBInvocationHandler.java:253) [jboss-ejb-client-2.0.0.Beta3.jar:2.0.0.Beta3]
                at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:198) [jboss-ejb-client-2.0.0.Beta3.jar:2.0.0.Beta3]
                at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:181) [jboss-ejb-client-2.0.0.Beta3.jar:2.0.0.Beta3]
                at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:144) [jboss-ejb-client-2.0.0.Beta3.jar:2.0.0.Beta3]
                at com.sun.proxy.$Proxy114.readTisAppServersProperties(Unknown Source)
                at mil.tis.session.CurrentUserTisNavigator.getFirstTierTabNavigationBeans(CurrentUserTisNavigator.java:89)
                at mil.tis.jsf.component.AbstractNavigatorPanelBackingBean.getFirstTierTabNavigationBeans(AbstractNavigatorPanelBackingBean.java:107)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_25]
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_25]
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_25]
                at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_25]
                at javax.el.BeanELResolver.getValue(BeanELResolver.java:363) [javax.el-3.0-b07.jar:3.0-b07]
                at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:176)
                at com.sun.faces.el.DemuxCompositeELResolver.getValue(DemuxCompositeELResolver.java:203)
                at com.sun.el.parser.AstValue.getValue(AstValue.java:140) [javax.el-3.0-b07.jar:3.0-b07]
                at com.sun.el.parser.AstValue.getValue(AstValue.java:204) [javax.el-3.0-b07.jar:3.0-b07]
                at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:226) [javax.el-3.0-b07.jar:3.0-b07]
                at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:109)
                at com.sun.faces.facelets.component.UIRepeat.getValue(UIRepeat.java:274)
                at com.sun.faces.facelets.component.UIRepeat.getDataModel(UIRepeat.java:250)
                at com.sun.faces.facelets.component.UIRepeat.setIndex(UIRepeat.java:444)
                at com.sun.faces.facelets.component.UIRepeat.doVisitChildren(UIRepeat.java:679)
                at com.sun.faces.facelets.component.UIRepeat.visitTree(UIRepeat.java:637)
                at javax.faces.component.UIComponent.visitTree(UIComponent.java:1740)
                at javax.faces.component.UIComponent.visitTree(UIComponent.java:1740)
                at javax.faces.component.UIComponent.visitTree(UIComponent.java:1740)
                at com.sun.faces.application.ValidateComponentNesting.processEvent(ValidateComponentNesting.java:53)
                at javax.faces.event.SystemEvent.processListener(SystemEvent.java:108)
                at javax.faces.event.ComponentSystemEvent.processListener(ComponentSystemEvent.java:118)
                at com.sun.faces.application.ApplicationImpl.processListeners(ApplicationImpl.java:2187)
                at com.sun.faces.application.ApplicationImpl.invokeListenersFor(ApplicationImpl.java:2163)
                at com.sun.faces.application.ApplicationImpl.publishEvent(ApplicationImpl.java:303)
                at org.jboss.as.jsf.injection.weld.ForwardingApplication.publishEvent(ForwardingApplication.java:294)
                at com.sun.faces.application.view.FaceletViewHandlingStrategy.buildView(FaceletViewHandlingStrategy.java:1002)
                at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:99)
                at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
                at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:219)
                at javax.faces.webapp.FacesServlet.service(FacesServlet.java:647)
                at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:87)
                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
                at io.undertow.websockets.jsr.JsrWebSocketFilter.doFilter(JsrWebSocketFilter.java:136)
                at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:56)
                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
                at io.undertow.websockets.jsr.JsrWebSocketFilter.doFilter(JsrWebSocketFilter.java:136)
                at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:56)
                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
                at mil.tis.authentication.AbstractAuthenticationFilter.doFilter(AbstractAuthenticationFilter.java:70)
                at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:56)
                at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
                at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
                at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:82)
                at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
                at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
                at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113)
                at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:52)
                at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
                at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
                at ieRequest(ServletSecurityConstraintHandler.java:55)
                at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
                `at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:65)
                at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:70)
                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
                at org.wildfly.extension.undertow.security.SecurityContextCreationHandler.handleRequest(SecurityContextCreationHandler.java:54)
                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
                at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:207)
                at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:194)
                at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:72)
                at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:128)
                at io.undertow.server.HttpHandlers.executeRootHandler(HttpHandlers.java:36)
                at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:628)
                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
                at java.lang.Thread.run(Thread.java:724) [rt.j
            

            ***  Web Tier Code  ****

             

              The following function call dies with the error at the line -->

              Properties externalServerProperties = userManager30.readMpsAppServersProperties();

             

             

              public List<AbstractNavigatorBean> getFirstTierTabNavigationBeans() throws Exception
              {
                try
                {
                    if(insFirstTierTabNavigationBeans == null)
                    {
                        this.performClientJAASLogin();
                        UserManager30 userManager30 =
                          (UserManager30) ApplicationContext.singleton().lookupSessionBean(UserManager30.class, "UserManager30Bean");
                        Properties externalServerProperties = userManager30.readMpsAppServersProperties();
                        CallExternalPassCheckWebService callExternalPassCheckWebService = new CallExternalPassCheckWebService();
                        String externalCredential =
                          callExternalPassCheckWebService.retrieveMovementCoordinationServerCredential(externalServerProperties, insPassword);
                        insFirstTierTabNavigationBeans = userManager30.retrieveFirstTierTabNavigationBeans(externalCredential, externalServerProperties);
                    }
                }
                catch (Exception ex)
                {
                    log.error(ex.getMessage());
                    throw(ex);
                }
                return(insFirstTierTabNavigationBeans);
              }
            
            

             

             

               public static LoginContext performClientJAASLogin(String login, String password) throws LoginException
               {
                   LoginContext loginContext = null;
                   if (login != null)
                   {
                       MpsCallBackHandler mpsCallBackHandler = new MpsCallBackHandler(login, password);
                       loginContext = new LoginContext(insMpsClientLogin, mpsCallBackHandler);
                       loginContext.login();
                   }
                   return(loginContext);
               }
            
            

             

             

             

            public class MpsCallBackHandler implements CallbackHandler
            {
              private static final Logger log = Logger.getLogger(MpsCallBackHandler.class);
            
              private String userId;
              private char[] password;
            
                public MpsCallBackHandler(String argName, String argPassword)
                {
                    userId = argName;
                    password = argPassword.toCharArray();
                }
            
                public void handle(Callback[] callbacks) throws java.io.IOException, UnsupportedCallbackException
                {
                    log.debug("handle: in authentication callback handler");
                    NameCallback nameCallBack = (NameCallback)callbacks[0];
                    PasswordCallback passwordCallBack = (PasswordCallback)callbacks[1];
                    nameCallBack.setName(userId);
                    passwordCallBack.setPassword(password);
                }
            
            }
            
            

             

             

             

            *** Middle Tier Code ****

             

             

            Session Bean

             

            @Stateless(name = "UserManager30Bean")
            @TransactionAttribute(TransactionAttributeType.REQUIRED)
            @RolesAllowed("mpsUser")
            public class UserManager30Bean implements UserManager30
            {
                @PersistenceContext(unitName = "mpsEjb30")
                protected EntityManager entityManager;
                private static Logger log = Logger.getLogger(UserManager30Bean.class);
            
            
                @Override
                public Properties readMpsAppServersProperties()
                {
                      Properties result = null;
                      MpsAppServersProperties mpsAppServersProperties = new MpsAppServersProperties();
                      result = mpsAppServersProperties.readMpsAppServersProperties();
                      return (result);
                }
            
            }
            
            

             

             

            Custom call back handler which was made into a JBoss Module

             

             

            package mps.security.authentication;
            
            import org.picketbox.datasource.security.CallerIdentityLoginModule;
            import javax.security.auth.login.LoginException;
            import java.util.Map;
            import java.security.Principal;
            import javax.security.auth.Subject;
            import javax.security.auth.callback.CallbackHandler;
            import java.security.acl.Group;
            import org.jboss.security.SimpleGroup;
            import org.jboss.security.SimplePrincipal;
            import org.apache.log4j.Logger;
            import java.util.HashMap;
            import mps.encrypt.JBossPasswordEncryptionAlgorithms;
            
              /**
               * A simple login module that simply associates the principal making the
               * connection request with the actual EIS connection requirements.
               *
               * The type of Principal class used is
               * <code>org.jboss.security.SimplePrincipal.</code>
               * <p>
               *
               * @see org.jboss.resource.security.ConfiguredIdentityLoginModule
               *
               * @author Modified and renamed by Rodney Kite for Mps
               * @version $Revision:   1.0  $
               */
              public class MpsSecureCallerIdentityLoginModule extends CallerIdentityLoginModule
              {
            
                private static final Logger log = Logger.getLogger(MpsSecureCallerIdentityLoginModule.class);
            
                /**
                 * Default Constructor
                 */
                public MpsSecureCallerIdentityLoginModule()
                {
                }
            
            
               @Override
               public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
               {
                  char[] decodedPassword = null;
                  String password = (String)options.get("password");
                  Map newOptions = new HashMap(options);
                  if(password != null)
                  {
                    try
                    {
                      decodedPassword = JBossPasswordEncryptionAlgorithms.decode(password);
                      newOptions.put("password", new String(decodedPassword));
                    }
                    catch(Exception e)
                    {
                      log.error("Failed to decode password", e);
                    }
                  }
            
                  super.initialize(subject, handler, sharedState, newOptions);
            
               }
            
            
                protected Group[] getRoleSets() throws LoginException
                {
                  Group[] groups = new Group[2];
                  SimpleGroup rolesGroup = new SimpleGroup("Roles");
                  rolesGroup.addMember(new SimplePrincipal("mpsUser"));
            
                  groups[0] = rolesGroup;
            
                  SimpleGroup principlesGroup = new SimpleGroup("CallerPrincipal");
            
                  Principal principal = getIdentity();
            
                  principlesGroup.addMember(new SimplePrincipal(principal.toString()));
            
                  groups[1] = principlesGroup;
            
                  log.debug("getRoleSets called");
            
                  return (groups);
                }
              }
            
            

            Edited by Jaikiran Pai - (Tried to) fix formatting.

            • 3. Re: Invalid User when calling session bean methods using the CallerIdentityLoginModule.
              jaikiran pai Master

              I intentionally had made a note about formatting in my previous post:

              P.S: While posting code, xml or log, remember to use the syntax highlighter formatting which is available in the advanced editor (click the "Use advanced editor" on top right corner of the reply window)

              Please do that. It really becomes difficult to focus on the problem when someone just dumps large amount of unformatted code/xml/log in the post.

              • 4. Re: Re: Invalid User when calling session bean methods using the CallerIdentityLoginModule.
                Rodney Kite Newbie

                  I did the best I could do to format the code.  The syntax highlighter does not work with xml.

                • 5. Re: Re: Re: Invalid User when calling session bean methods using the CallerIdentityLoginModule.
                  Stephen Coy Master
                  <drivers>
                      <driver name="h2" module="com.h2database.h2">
                          <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
                      </driver>
                      <driver name="jtds" module="mps.jtds">
                          <driver-class>net.sourceforge.jtds.jdbc.Driver</driver-class>
                      </driver>
                  </drivers>
                  

                  ?

                  • 6. Re: Re: Re: Invalid User when calling session bean methods using the CallerIdentityLoginModule.
                    Rodney Kite Newbie

                      jtds is the JDBC driver we use for SqlServer.  I put the jtds jar in a module called mps.jtds.    This is the exact configuration we use with JBoss 7.1.1 

                    • 7. Re: Re: Invalid User when calling session bean methods using the CallerIdentityLoginModule.
                      jaikiran pai Master

                      Rodney Kite wrote:

                       

                        I did the best I could do to format the code.  The syntax highlighter does not work with xml.

                      Thank you. I edited that post of yours to fix the rest of the formatting and yes I experienced the problem you ran into with formatting that xml and some other parts. It looks like the annoying nature of this forum editor has stayed even in this upgraded version

                       

                      I'll take a look at your application problem when I find some time later today and if someone else doesn't get to it first.

                      • 8. Re: Re: Invalid User when calling session bean methods using the CallerIdentityLoginModule.
                        Rodney Kite Newbie

                        I upgraded to WildFly 8 Beta 1 and am still having the same problem.  Is there a resource that shows an example of using JAAS security on session bean methods?

                         

                          I can successfully call Session bean methods marked as unchecked if the session bean call does not have a Client JAAS Login call before the Session bean construction/lookup.   If I call a session bean method which is unchecked after performing the client JAAS Login the invocation fails with Invalid User exception 

                         

                        Any session bean methods that have a role attached to them will raise Invalid User exception whether or not a client JAAS login is performed.  This is the part I need to figure out.  Is this a JBoss Wildfly bug or a change in the way it is configured?