Just a quick tip.
I've noticed that in order to get help on these (and most Open Source) fora, it helps to provide specific information.
Stack Trace (where applicable)
No, the docs are going to help with this issue. I would need to see a sample ear that illustrates what you are trying to do. There is nothing special about form authentication in terms of how the security context propagates to ejbs. If you want further help with this create a sample ear and attach it to a bug report on sourceforge:
Thanks we shall send the ear file. In the mean time I had a question.
we are using a Struts Action Class for login which gets invoked and we are succesfully authenticated when we call lc.login(), our custom login gets invoked correctly. However our web container does not know about this authentication hence it does not get forwarded to the first jsp in the web.xml but continues to display the login page. Hence we are using j_security_check in the jsp after we which we call JAAS. We call JAAS because j_security_check does invoke our Custom Login module.
We should not be doing both j_security_check and JAAS both.
Weblogic has a very clean solution we call ServletAuthenticator.runAs(subject, httprequest) and we do not do j_security_check or doAs for the session bean etc.
If someone could tell me what is that we need to do to propogate the authentication to the web layer and ejb layer would really helpful as now I realize that the manual will not talk about this
JBoss Version: 3.2.5
OS: Microsoft Professional XP
JVM: Sun JDK 1.4
Sorry stack trace missing above...
14:33:37,531 ERROR [LogInterceptor] RuntimeException:
java.lang.IllegalStateException: No security context set
at com.retalix.convergence.prompt2.invoice.ejb.InvoiceManagerBean.getInvoices(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
If the security-domain you use to perform the form authentication includes your custom login module, any ejbs accessed from within secured web content will automatically propagate the security context to ejbs. Otherwise, you need to do a JAAS login as described in the JAAS Howto in this forum.
I have sent the bug report to the sourceforge but when I try to attach the .ear file I get error invalid file name
Checked the box which says if you want to send attachments, check on this box.
When I click on Submit Change after sometime I get error "Invalid Filename"
The .ear file that I am trying to attach is around 5MB