3 Replies Latest reply on Nov 7, 2003 1:41 PM by montia

    servlet->ejb principal=null

    Dominic Veit Newbie

      I am trying to call a secured ejb from a servlet (filter) that makes the web-authentication. Since the authentication is much more complex with the web-frontend, the ejb-authentication is only XMLLoginConfig.
      From a standard client the login to the ejb works through standard login-Context generation. From the servlet (jetty) the exception is: principal=null.

      Some code:

      Security.addProvider( new com.sun.net.ssl.internal.ssl.Provider() ) ;
      System.setProperty( "java.security.auth.login.config" , "META-INF/auth.conf" ) ;
      String dbUserName = "user" ;
      String dbPassword = "pwd" ;
      UsernamePasswordHandler upwdHandler = new UsernamePasswordHandler( dbUserName , dbPassword ) ;
      LoginContext loginContext = new LoginContext( "MDOSYSRealm" , upwdHandler ) ;
      loginContext.login() ;
      Context jndiContext = new InitialContext( );+

      I don't know, if the auth.conf has any sense, but during testing I had the feeling, that it doesn't do anything, but must be there.
      With the normal client it is:

      MDOSYSLoginConfig {
      org.jboss.security.ClientLoginModule optional ;

      The servlet only tells me something if I put in there MDOSysRealm which is the Realm in the login-config.xml . However if I put in MDOSysLoginConfig jboss tells me that there is no MDOSysLoginConfig. I presume, that jetty directly works through the login-config.xml and does not do anything with the java.security.auth.login.config.

      The deployment-descriptors all work (tested with external clients and server-server - two individual machines - communication).