1 Reply Latest reply on Aug 2, 2003 11:53 PM by lwahana

    Pass the User/Principles from Web Container to EJB Container

    lwahana Newbie

      Hi, I want to know whether the Login Context in the Web Container will be accessible in the EJB Container in the same way.

      For example, If the user is authenticated in the web container, how does EJB Container know that there is currently login user.

      Could you please give me reference or brief explanation for this case. Thanks.


        • 1. Re: Pass the User/Principles from Web Container to EJB Conta
          lwahana Newbie

          I'd like to further explain my problem when I worked with security implementation in EJB.

          Assuming that I set web.xml and ejb-jar.xml properly, and using "the same" security domain name (JNDI name for security manager) that I wrote at jboss.xml and jboss-web.xml.
          I am using Form based security login (j_security), and it works fine in the web container to authenticate and athorise user.

          The problem is, when I call method in Session EJB, there is an exception, telling me that I do not have permission for create home interface.
          This happen when I specify the security domain in jboss.xml (whether I set the authorisation setting in the ejb-jar.xml or not).

          The Question:
          Did I miss some steps before calling EJB methods, so that I dont have permission to acess them?

          When I removed Security Domain, and checked the User's Principles of the active Subject in the EJB container, it is similar to the User's Principles in the web container.

          Please help me with this problem.