0 Replies Latest reply on Feb 12, 2014 6:38 PM by robatsu

    Valve authentication & EJBContext/SessionContext principal propagation


      I have a very straightforward problem that I haven't been able to answer.  We use a valve with our own custom authenticator class to authenticate the HttpRequest, and set a principal there.  This principal is not then automatically available in the EJB context via EJBContext.getCallerPrincipal - we continue to just get anonymous there.  I need to know how to propagate the principal we generate to the EJB context.  We are on AS 7.1.1.


      Here is some of our config and code:


      The valve is configured on our RestEasy endpoints.  In jboss-web.xml, we have:


      <?xml version="1.0" encoding="UTF-8"?>


      In OAuthSPRedirectFormAuthenticator.java:


      import java.io.IOException;
      import java.security.Principal;
      import java.util.ArrayList;
      import java.util.List;
      import java.util.Set;
      import java.util.regex.Matcher;
      import java.util.regex.Pattern;

      import javax.servlet.http.HttpServletRequest;
      import javax.servlet.http.HttpServletResponse;

      import org.apache.catalina.connector.Request;
      import org.apache.catalina.deploy.LoginConfig;
      import org.apache.catalina.realm.GenericPrincipal;
      import org.jboss.logging.Logger;
      import org.jboss.security.client.SecurityClient;
      import org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator;
      // User, UserRole, RoleUtils and SheerIDConstants are the application's own classes;
      // their imports depend on the application's packages and are not shown in the post.
      // getUserService() is likewise defined elsewhere and not shown.

      public class OAuthSPRedirectFormAuthenticator extends ServiceProviderAuthenticator {

          private static final String HEADER_AUTHORIZATION = "Authorization";
          private static final Pattern PATTERN_BEARER_TOKEN = Pattern.compile("Bearer (.+)");

          private final Logger logger = Logger.getLogger(this.getClass());

          @Override
          public boolean authenticate(Request request, HttpServletResponse response, LoginConfig loginConfig) throws IOException {
              String authHeader = getAuthHeader(request);

              if (authHeader != null) {
                  Matcher tokenMatcher = PATTERN_BEARER_TOKEN.matcher(authHeader);
                  if (tokenMatcher.matches()) {
                      String token = tokenMatcher.group(1);
                      User user = getUserService().findUserByAccessToken(token);
                      if (user != null) {
                          final String userName = user.getUsername();
                          // Sets the web-tier (JBoss Web / Tomcat) principal only; this is the
                          // principal that does not show up in EJBContext.getCallerPrincipal().
                          request.setUserPrincipal(generatePrincipal(request, userName, RoleUtils.generateRoles(user)));
                          ((HttpServletRequest) request).setAttribute(SheerIDConstants.ACCOUNT_ID, user.getAccountId());
                          ((HttpServletRequest) request).setAttribute(SheerIDConstants.USER_ID, user.getId());
                          ((HttpServletRequest) request).setAttribute(SheerIDConstants.ACCESS_TOKEN, token);
                          SecurityClient client; // the code following this declaration was cut off in the post
                      } else {
                          // Token did not resolve to a user: reject the request.
                          return false;
                      }
                  }
              }

              // No (valid) bearer token: fall back to the PicketLink service-provider flow.
              return super.authenticate(request, response, loginConfig);
          }

          // Not shown in the original post; assumed to read the Authorization header.
          private static String getAuthHeader(Request request) {
              return request.getHeader(HEADER_AUTHORIZATION);
          }

          private static Principal generatePrincipal(Request request, String name, Set<UserRole> roles) {
              // Note: the roles passed in are not copied into the principal's role list here.
              List<String> userRoles = new ArrayList<String>();
              return new GenericPrincipal(request.getContext().getRealm(), name, null, userRoles);
          }
      }



      And, by the way, even though we create a GenericPrincipal, our SessionContext in the EJBs returns a principal of class SimplePrincipal from sessionContext.getCallerPrincipal() that has a name of "anonymous".  Our beans are typically annotated as:




      @EJB(name = "java:global/UserServiceBean", beanInterface = UserServiceRemote.class)
      public class UserServiceBean extends AbstractSessionBean implements UserServiceRemote {
          // ...
      }



      Again, any help in getting this working would be very much appreciated.  It seems like it should be really simple, but I haven't been able to find the key to this one.