3 Replies Latest reply on May 13, 2004 5:23 AM by urunkulia

    MDB, LoginContext, RunAs

    rp28 Newbie

      I have an MDB successfully running but I would like to make calls to various session beans under a certain user context, so I'm attempting to do something as follows:

      UsernamePasswordHandler a = new UsernamePasswordHandler("test", "test");
      LoginContext lc = new LoginContext("simple", a);
      lc.login(); // authenticate; getSubject() is only populated after login()

      Subject s = lc.getSubject();

      Subject.doAs(s, new PrivilegedAction() {
          public Object run() {
              SomeSessionHome uh = [get home ]
              SomeSession un = uh.create();
              return null;
          }
      });


      All is fine, and the authentication is working successfully against my .properties files, as I get an error with an invalid password; however, the call to .create fails with

      java.lang.SecurityException: Authentication exception, principal=null

      Any ideas what I might be missing?

        • 1. Re: MDB, LoginContext, RunAs
          rp28 Newbie

          I needed to add
          <login-module code="org.jboss.security.ClientLoginModule" flag="required"/>

          as the last item in the section to the appropriate <application-policy> in the login-config.xml.

          • 2. Re: MDB, LoginContext, RunAs
            urunkulia Newbie

            Hi rp28,

            I have the same problem with an MDB that calls various secured session beans. These session beans are configured with <use-caller-identity/>.

            The MDB has no security identity due to asynchronous communication. I have tried using <run-as><role-name> with the MDB, but an AuthenticationException, principal=null is thrown.

            So I have tried to solve this problem with the code snippet you had written to get a security identity that can be passed to the session beans.

            The code snippet from the onMessage method of my MDB (JBoss 3.2.3 w/ Tomcat):

            CallbackHandler callbackHandler = new UsernamePasswordHandler(username, password);
            LoginContext lc = new LoginContext("test", callbackHandler);
            lc.login(); // authenticate; getSubject() is only populated after login()
            Subject subject = lc.getSubject();
            Subject.doAs(subject, new PrivilegedAction() {
                public Object run() {
                    MySessionLocalHome home = [getHome];
                    MySession mySession = home.create();
                    return null;
                }
            });

            In login-config.xml I configured my <application-policy> with DatabaseServerLoginModule which works fine as long as I don't use MDBs.

            Though I get an AuthenticationException, principal=null.

            Any ideas? Have I forgotten to configure something? Any help would be appreciated.

            • 3. Re: MDB, LoginContext, RunAs
              urunkulia Newbie


              I've got a solution for my problem.

              This Thread helped to solve my problem:

              I had to add another login module in login-config.xml:
              <login-module code="org.jboss.security.ClientLoginModule" flag="required"/>

              I am using DatabaseServerLoginModule but it will only work correctly with the ClientLoginModule. The CallerIdentity is now passed from my MDB to my SessionBeans.
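
The fix both posters describe, written out as a complete policy. This is an added example, not part of the original thread: the policy name "test" comes from the second poster's LoginContext call, while the datasource name and the SQL queries are assumed placeholders.

```xml
<!-- login-config.xml fragment (added example, not from the thread) -->
<policy>
  <application-policy name="test">
    <authentication>
      <!-- First module: checks the username and password and loads the roles.
           On its own it fills the JAAS Subject, but the EJB container does not
           read the caller from the Subject passed to Subject.doAs(), which is
           why the call to create() failed with principal=null. -->
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                    flag="required">
        <!-- Assumed datasource and schema; replace with your own. -->
        <module-option name="dsJndiName">java:/ExampleDS</module-option>
        <module-option name="principalsQuery">SELECT passwd FROM users WHERE username=?</module-option>
        <module-option name="rolesQuery">SELECT role, 'Roles' FROM user_roles WHERE username=?</module-option>
      </login-module>

      <!-- Last module: performs no authentication of its own. It copies the
           name and credential supplied by the callback handler into the
           security association of the calling thread, which is where the
           container looks up the caller for the session bean invocation. -->
      <login-module code="org.jboss.security.ClientLoginModule"
                    flag="required"/>
    </authentication>
  </application-policy>
</policy>
```

Because ClientLoginModule only propagates the identity, the security domain of the called session beans still authenticates and authorizes that caller. Call `lc.logout()` in a `finally` block once the work is done, so the identity does not stay bound to the pooled thread that handled the message.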