0 Replies Latest reply on Jan 17, 2003 7:03 PM by mirza_mohsin_beg

    "client-login" from within a secured ejb

    mirza_mohsin_beg

      Hi,

      I am trying to access a stateful secured EJB from a stateless secured EJB within the same JBoss 3.0.4 instance. The second stateful EJB has a custom "client-interceptor" in its custom container configuration.

      1) EJB code [edited]
      void doLookup1() throws Exception
      {
          String user = "user1";
          PasswordCallbackHandler aCallbackHandler =
              new PasswordCallbackHandler(user, user);
          lc = new LoginContext("client-login", aCallbackHandler);
          lc.login();
          Subject subject = lc.getSubject();

          // Add a principal to the subject
          Set principalSet = subject.getPrincipals();
          Principal principal = new CustomPrincipal("user2");
          principalSet.add(principal);

          initialContext = new InitialContext();

          // lookup the other secured ejb
          doLookup2(initialContext);
      }

      void doLookup2(InitialContext initialContext) throws Exception
      {
          myHome = (MYHome) initialContext.lookup("MYHome");
          myRemote = myHome.create();
      }


      2) <client-interceptor> in and [edited]

      public Object invoke(Invocation invocation) throws Throwable
      {
          // Get the principal user2
          Subject subject = SecurityAssociation.getSubject();
          if (subject != null)
          {
              Set principals = subject.getPrincipals(CustomPrincipal.class);

              System.out.println(principals.size());
              // size == 1 if doLookup2()'s code is put
              // inside the original function instead of calling
              // the function, otherwise size == 0. WHY ??
          }
          // Hand the call to the next interceptor in the chain
          // (assumes this class extends org.jboss.proxy.Interceptor)
          return getNext().invoke(invocation);
      }

      I cannot understand why I am not able to see the principal I set in the subject inside this custom interceptor, whereas IF I PUT THE LOOKUP OF HOME/REMOTE INSIDE DOLOOKUP1() INSTEAD OF CALLING THE FUNCTION DOLOOKUP2() IT WORKS, I am able to !!!

      Can someone please help me? I am completely confused.

      Thanks,

      -Mohsin