1 Reply Latest reply on Sep 11, 2004 9:54 PM by Scott Stark

    Switching Principal/Identity type when calling other securit

    Simon Gunzenreiner Newbie

      I am trying to achieve the following with two security domains: Principal of type A is authenticated in domain A. An EJB deployed in domain A is calling an EJB in domain B, where domain B uses a different identity type (another Principal implementation class). For domain B the ID returned by getName() has a different meaning than for domain A.

      What I intend to have is a LoginModule, which either accepts Principals of type B, or can map Principals of type A to a Principal of type B; either way, the Principal returned by the LoginModule is of type B.

      The LoginModule actually adds the Principal (type B) to the Subject, but the application code (getCallerPrincipal()) still get's the original Principal (type A) instead of the mapped Principal (type B). How can I achieve that for domain B JBoss works with another caller identity than for domain A?

      Is it possible to be able to configure the Principal class to be used for a call to Subject.getPrincipals(class) for a specific security domain?

      JCA introduces the concept of a "Principal Mapping Module". This is pretty much what I am looking for, just for JBoss to JBoss calls instead of JBoss to EIS calls.