1 Reply Latest reply on Apr 26, 2002 12:09 PM by John Baker

    Am I misunderstanding assigning security principals in web a

    John Baker Newbie

      I need to call an external EJB in my web app under a different user name. To switch principal I am creating a LoginContext in my servlet init() method whos CallBack hander sets the correct user name required for the external EJBs. Then in the service() method I call LoginContext.login() to switch identity. The callbacks definitely get called when I lookup the bean (and it gets found ok) but the the EJB container doesn't ever pick up the principal. This method worked fine from a GUI app. Do I need to set the principal in a different way?

      [ERROR,SecurityInterceptor] Authentication exception, principal=null
      [ERROR,Default] java.rmi.RemoteException: checkSecurityAssociation; nested excep
      tion is:
      java.lang.SecurityException: Authentication exception, principal=null
      [ERROR,Default] java.lang.SecurityException: Authentication exception, principal

        • 1. Re: Am I misunderstanding assigning security principals in w
          John Baker Newbie

          Here's jboss-web.xml to help narrow things down. Is this correct to access an external ejbs from the servlet that have their own security domain (katalyzt)?