1 Reply Latest reply on Sep 6, 2004 11:28 AM by kristiane

    SecurityContext propagation

    Andrey Rybak Newbie

      Hello

      I've uncommented SSO in jbossweb-tomcat50.sar/server.xml

      I'm using two LoginModules in my application policy:
      DatabaseServerLoginModule and
      ClientLoginModule

      Still I get no security context in my EJB, which
      forces me to pass a username as a parameter and
      execute the roles query myself again from inside
      the EJB - a clearly poor solution.

      What do I miss ?
      Any help would be appreciated.


      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
      <module-option name = "dsJndiName">java:/MySqlDS</module-option>
      <module-option name = "principalsQuery">select Password from users where Username=?</module-option>
      <module-option name = "rolesQuery">select rolename, 'Roles' from user_roles where username=?</module-option>
      </login-module>
      <login-module code="org.jboss.security.ClientLoginModule" flag = "required">
      <module-option name = "password-stacking">useFirstPass</module-option>
      <module-option name = "multi-threaded">true</module-option>
      </login-module>


        • 1. Re: SecurityContext propagation
          kristiane Newbie

          Hi,

          Did you ever solve the problem. I have the same problem using JBoss 3.2.4 with Tomcat 5.0. I get the message:

          17:18:50,825 INFO [Engine] SingleSignOn[localhost]: Process request for '/notat
          base/velkommen.do'
          17:18:50,825 INFO [Engine] SingleSignOn[localhost]: Checking for SSO cookie
          17:18:50,825 INFO [Engine] SingleSignOn[localhost]: SSO cookie is not present


          How is this "SSO cookie" set?

          Regards,
          - Chris