3 Replies Latest reply on Mar 28, 2014 8:15 AM by Sergiu Pienar

    Getting "anonymous" caller principal in EJB

    Sergiu Pienar Expert

      Using JBoss 7.1.1 Final.

       

      My problem is the same as Re: Login-Principal is not propagated to Ejb's SessionContext ...

      I am calling a web-service from SOAP UI - passing in correct credentials - the EJB that the web-service exposes is annotated like this:

       

      @Stateless
      @RemoteBinding(jndiBinding = "ejb:all/all-ejbs/ExecutorBean!com.ExecutorRemote")
      @LocalBinding(jndiBinding = "java:global/all/all-ejbs/ExecutorBean!com.ExecutorLocal")
      @Local({ ExecutorLocal.class })
      @Remote({ExecutorRemote.class })
      @WebService(name = "ExecutorService", serviceName = "ExecutorService")
      @WebContext(contextRoot = "/service", urlPattern = "/ExecutorService", secureWSDLAccess = false, authMethod = "BASIC", transportGuarantee = "NONE")
      @SecurityDomain(value = "myRealm")
      @EndpointConfig(configName = "Standard WSSecurity Endpoint")
      public class ExecutorBean{...
      

       

      The problem is that at one point I need the caller principal's name - which I get from the sessionContext:

       

      @Resource
      public void setSessionContext(final SessionContext sessionContext)
          throws EJBException, RemoteException {
          this.sessionContext = sessionContext;
      }
      

       

      However when I do the following:

       

      String logname = this.sessionContext.getCallerPrincipal().getName();
      

       

      I get "anonymous".

       

      Relevant sections from the configuration file below:

       

      <subsystem xmlns="urn:jboss:domain:security:1.1">
          <security-domains>
              <security-domain name="other" cache-type="default">
                  <authentication>
                      <login-module code="UsersRoles" flag="required">
                          <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
                          <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
                          <module-option name="password-stacking" value="useFirstPass"/>
                      </login-module>
                  </authentication>
              </security-domain>
              <security-domain name="myRealm" cache-type="default">
                  <authentication>
                      <login-module code="com.LoginModule" flag="required">
                          <module-option name="dsJndiName" value="java:jboss/datasources/myDS"/>
                          <module-option name="hashAlgorithm" value="SHA"/>
                          <module-option name="hashEncoding" value="BASE64"/>
                          <module-option name="principalsQuery" value="SELECT u.password FROM ..."/>
                          <module-option name="rolesQuery" value="SELECT p.label..."/>
                      </login-module>
                  </authentication>
              </security-domain>
              <security-domain name="client-login" cache-type="default">
                  <authentication>
                      <login-module code="com.LoginModule" flag="required" module="org.jboss.login.module">
                          <module-option name="dsJndiName" value="java:jboss/datasources/myDS"/>
                          <module-option name="hashAlgorithm" value="SHA"/>
                          <module-option name="hashEncoding" value="BASE64"/>
                          <module-option name="principalsQuery" value="SELECT u.password ..."/>
                          <module-option name="rolesQuery" value="SELECT p.label,..."/>
                      </login-module>
                  </authentication>
              </security-domain>
      

       

      <subsystem xmlns="urn:jboss:domain:remoting:1.1">
          <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
      </subsystem>
      

       

      <management>
          <security-realms>
              <security-realm name="ManagementRealm">
                  <authentication>
                      <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                  </authentication>
              </security-realm>
              <security-realm name="ApplicationRealm">
                  <authentication>
                      <jaas name="myRealm"/>
                  </authentication>
              </security-realm>
      

       

      In the EAR's META-INF I have a jboss-app.xml file with the following contents:

       

      <jboss-app xmlns="http://www.jboss.com/xml/ns/javaee"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="7.0">
           <security-domain>myRealm</security-domain>
      </jboss-app>
      

       

      The custom login module is deployed under modules/org/jboss/login and works fine for my base app but somehow the principal is not being propagated.
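
      Added example, not part of the original post: a diagnostic endpoint that reports, for one SOAP call, what the web layer authenticated next to what the EJB container sees, which narrows down where the identity is lost. The class, service and method names are hypothetical, the JBoss annotation packages are assumed, and the annotation values are copied from the post.

```java
import javax.annotation.Resource;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.servlet.http.HttpServletRequest;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
// Assumed packages for the JBoss-specific annotations used in the post.
import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.ws.api.annotation.WebContext;

// Hypothetical probe endpoint: class, service and method names are illustrative.
@Stateless
@WebService(name = "PrincipalProbe", serviceName = "PrincipalProbe")
@WebContext(contextRoot = "/service", urlPattern = "/PrincipalProbe",
            secureWSDLAccess = false, authMethod = "BASIC", transportGuarantee = "NONE")
@SecurityDomain("myRealm")
public class PrincipalProbeBean {

    @Resource
    private SessionContext sessionContext;  // EJB container's view of the caller

    @Resource
    private WebServiceContext wsContext;    // gives access to the underlying HTTP request

    @WebMethod
    public String whoAmI() {
        StringBuilder report = new StringBuilder();
        Object raw = wsContext.getMessageContext().get(MessageContext.SERVLET_REQUEST);
        if (raw instanceof HttpServletRequest) {
            HttpServletRequest request = (HttpServletRequest) raw;
            // Presence only: the header carries the credentials, so never log its value.
            report.append("authorizationHeaderPresent=")
                  .append(request.getHeader("Authorization") != null);
            // A null auth type means the web layer did not authenticate this request.
            report.append("; webAuthType=").append(request.getAuthType());
            report.append("; webRemoteUser=").append(request.getRemoteUser());
        } else {
            report.append("servletRequest=<unavailable>");
        }
        // The same call the post makes; an unauthenticated caller shows up as anonymous.
        report.append("; ejbCallerPrincipal=")
              .append(sessionContext.getCallerPrincipal().getName());
        return report.toString();
    }
}
```

      If `webAuthType` is null while the Authorization header is present, the request reached the bean without the web layer enforcing BASIC authentication. If `webRemoteUser` is set but `ejbCallerPrincipal` is still the anonymous one, the identity is being lost between the web layer and the EJB container.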