I've put a few printlns in, and found that username is null when UsernamePasswordLoginModule.getUsernameAndPassword() tries to collect it from the callbackHandler. That's strange because this code works when I start a client that uses the client auth.conf "other" (a ClientLoginModule). When I use the server auth.conf "client-login" (a ClientLoginModule) for my MBean, it doesn't. Looking at the ClientLoginModule code now.
No joy. Anyone have a clue why this works over the network, but not in the same vm?
Okay, I got it to work. Since my MBean was using TimerMBean to periodically kick off some thread, I have to (programatically)login (and logoff) each time. But I'm still confused: reading the code for SecurityAssociation, I gather that the default is for the security association to be available on a vm-wide basis, and that threadlocal is only turned on when setServer() is called. If that's the case, why must I log in each time? I must be misinterpreting something.
Um, I guess I may be confused.
I secured my session beans by specifying my own security domain, which uses the provided DatabaseServerLoginModule. Clients access the secured session beans by specifying "other", as given in the client-side auth.conf (a ClientLoginModule). On accessing the session beans authentication works fine.
The server side uses the DatabaseServerLoginModule, specified in mySecurityDomain.
Here's my difficulty: I have an MBean that periodically calls on my secured session beans. I specify "client-login" domain to the MBean's LoginContext (again, a ClientLoginModule), but on invoking the first secured method (create), the server barks with:
[Default] javax.security.auth.login.FailedLoginException: No matching username found in Principals
[Default] at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:96)
[Default] at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login
If I instead specify "MySecurityDomain", the same thing still happens.
How do i get the identity propagated into the right place?