> [User] Authentication exception, principal=null
> [Default] java.rmi.RemoteException:
> checkSecurityAssociation; nested exception is:
You need to also do the client-side binding of the credentials, using JBoss ClientLoginModule
See the JBossSX article in JavaWorld or previous postings in this forum.
Not sure I caught it ...
I'm running a servlet, so what is the auth.conf file used? I suppose the same used by JBoss (in conf/tomcat, for example), isn't it?
So, we made our own module, say "xx", and in servlet init() we created a LoginContext("xx", handler).
Our jboss-web descriptor indicates, as the security-domain, jaas:/xx.
Everything seems correct, the user/password are recongnized too, but a null principal is passed to the EJB.
Do you mean we have to set the Context.SECURITY_CREDENTIALS and Context.SECURITY_PRINCIPAL in our context? we did it, but didn't work.
> Do you mean we have to set the
> Context.SECURITY_CREDENTIALS and
> Context.SECURITY_PRINCIPAL in our context? we did it,
> but didn't work.
> More ideas??
No, this way of setting a context is not supported by JBoss. You need to read either the online documentation or the JBossSX article on JavaWorld, search for "JBossSX" on javaworld.com and read the article.