2 Replies Latest reply on Mar 8, 2004 1:39 PM by nishantk

    getCallerPrincipal returns only the Unauthenticated Role

    nishantk Newbie

      I have been struggling with JAAS for a while, but have not found any documentation or a topic that completely addresses my issue (or I have seen it but was not able to recognize it)

      This question is related to receiving the Principal from the SessionContext of a Stateless Session Bean. The bean is accessed using a factory based API class that I can execute from the command line. In the factory class, the user logs in using the following code:

      try {
      MyCallbackHandler cbhandler = new MyCallbackHandler(userId,pwd);
      lc = new LoginContext("mydomain", cbhandler);
      catch(LoginException le) {
      throw new Exception(e);

      try {
      catch (LoginException le1) {
      throw new Exception(le1);

      After this, from another method, the factory class instantiates the Home object reference and calls the create method to return an instance of the remote interface. I can then call a method on the remote interface.

      On calling a method, that method in the EJB implementation executes the following code:

      String loggedInUser = getSessionContext().getCallerPrincipal().getName();

      Even after the successful login, the value of loggedInUser is always "Unknown", which is the unauthenticated identity set up in the deployment descriptor.

      How can I get the EJB to recognize the user I logged in as? Do all the method invocations need to somehow be wrapped in a doAs call (which would require creating some kind of privilegedAction class wrapper around all my Session Beans, of which I have quite a few)? If so, what do I wrap?