0 Replies Latest reply on Jan 17, 2003 7:03 PM by Mirza Mohsin Beg

    "client-login" from within a secured ejb

    Mirza Mohsin Beg Newbie


      I am trying to access a stateful secured EJB from a stateless secured EJB within the same JBoss 3.0.4. The second stateful EJB has a custom "client-interceptor" in its custom container configuration.

      1) EJB code [edited]
      String user = "user1";
      PasswordCallbackHandler aCallbackHandler;
      aCallbackHandler = new PasswordCallbackHandler(user, user);
      lc = new LoginContext("client-login", aCallbackHandler);
      // getSubject() only returns the authenticated Subject after login()
      lc.login();
      Subject subject = lc.getSubject();

      // Add a principal to the subject
      Set principalSet = subject.getPrincipals();
      Principal principal = new CustomPrincipal("user2");
      principalSet.add(principal);

      initialContext = new InitialContext();

      // lookup the other secured ejb

      doLookup2(InitialContext initialContext)
      myHome = (MYHome) initialContext.lookup("MYHome");
      myRemote = myHome.create();

      2) <client-interceptor> in and [edited]

      public Object invoke(Invocation invocation) throws Throwable
      // Get the principal user2
      Subject subject = SecurityAssociation.getSubject();
      if (subject != null)
      Set principals = subject.getPrincipals(CustomPrincipal.class);

      // size == 1 if doLookup2()'s code is put
      // inside the original function instead of calling
      // the function, otherwise size == 0. WHY ??

      I cannot understand why I am not able to see the principal I set in the subject inside this custom interceptor, whereas IF I PUT THE LOOKUP OF HOME/REMOTE INSIDE DOLOOKUP1() INSTEAD OF CALLING THE FUNCTION DOLOOKUP2() IT WORKS, I am able to !!!

      Can someone please help me? I am completely confused.