0 Replies Latest reply on Nov 5, 2001 2:14 AM by lderavet

    JAAS Security design issue

    lderavet

      Hi all,

      I have a question about how JAAS works within JBoss. I'm in charge of securing our application, so I've created some custom login modules (that use SRP, certificate, smart card) that populate a Subject object. This Subject object contains an identity and roles that will give access to some EJBs on the server.

      In the specification, it's stated that when making a call to an EJB (using Subject.doAs( subject, action )), the populated subject is passed to the server. But it seems that this is not the case.

      Indeed, when my client calls an EJB, only roles that come from roles.properties (since I'm using the default UserRolesLoginModule) are checked against that EJB's method permissions.

      Did I miss something? If yes, can someone explain to me how I can get on the server the Subject populated on the client side?

      Thanks a lot for your help.

      Ludovic.