0 Replies Latest reply on Jun 21, 2016 9:14 PM by George Turner

    Container does not propagate security context

    George Turner Newbie

      I am using 2 way SSL and I have a servlet that calls and EJB method to get the user principal and roles and it works fine.  But I also have a thin client javascript (RAP) portion of code that the secuirty context does not get passed to the bean.  The client code (running in the server) is get a reference to the bean like this:

       

      // first check to see if this code is running inside the WildFly container, as in the case of the thin client
      try {

         beanCtx = new InitialContext();

         remote = (CommunicationBeanRemote) beanCtx.lookup("java:global/NetCentric/EJB/CommunicationBean");

      } catch (NamingException ne) {

         if (beanCtx != null) {

         try {

         beanCtx.close();

        } catch (NamingException e) {

         //
         }

        }

      }

      if remote is not null, the method on the bean is invoked directly, if not the servlet interface is called which then calls the bean using normal RDI, which works great.  It is the call to the bean made with this lookup that doesn't work.  I have the audit logging turned on, and I can see the caller is authenticated and the roles fetched from LDAP, but the InitialContext here is not using that user security context.  Can someone tell me how I can force the security context of the caller into this "remote" context (which is not REALLY remote, just a bad variable naming)