1 Reply Latest reply on Jan 30, 2003 4:29 PM by Peter Doornbosch

    jboss 3.0.3 security context

    magnus Newbie

      Hi,
      This may be a total newbie question so I apologise if it is.

      I am using DatabaseerverLoginModule (Oracle, which succcessfully authenticates the user when entering my secure area. Then I call a BMP entity bean from the servlet and within the bean call .getCallerPrincipal()on the EntityContext object.

      This throws an IllegalStateException : security context not set.

      I see from other threads on here that in jboss2.4.x it was also neccessary to log in to the client-module but as far as i can tell this is no longer necessary in jboss3.x. Can anyone confirm/deny this and if it is neccessary is there a good resource on it? I have read the popular javaworld article on doing it for 2.4 but a jboss3 reference would be very useful.


      regards
      Gus

        • 1. Re: jboss 3.0.3 security context
          Peter Doornbosch Apprentice

          > I am using DatabaseerverLoginModule (Oracle, which
          > succcessfully authenticates the user when entering my
          > secure area. Then I call a BMP entity bean from the
          > servlet and within the bean call
          > .getCallerPrincipal()on the EntityContext object.

          Did you specify a security domain for the bean? (jboss.xml in the ejb.jar)

          If that doesn't help, please tell me exactly what you are doing: are you using standard web security for your serlvet(s)? When is the user authenticated using the DatabaseerverLoginModule, is it a web user; for which domain (web or ejb) did you configure this module...?

          "see ya",
          Peter.


          > it was also neccessary to log in to the client-module
          > but as far as i can tell this is no longer necessary
          > in jboss3.x. Can anyone confirm/deny this and if it
          > is neccessary is there a good resource on it?

          If your servlet is authenticated using standard jboss (jetty) authentication, the use of a ClientLoginModule is not necessary (if that is what you mean...), propagating security context is done by the jboss-jetty integration code (JBossUserRealm to be precise).