8 Replies Latest reply on Nov 1, 2004 12:05 PM by Jason Cunningham

    Will $100 Manual help us to resolve this security issue?

    Subri Shastry Newbie

      I use JAAS for web-based login. The first time I access the EJB session bean and do a getCallerPrincipal(), I do get the caller correctly.
      However, when I go to a different screen and do the getCallerPrincipal(), I get an 'IllegalState' exception for the unauthenticated subject.

      Before making a call to getCallerPrincipal() inside the session bean the 2nd time, I call Subject.doAs(..) in the caller, but this still does not help. Also, we were told by Scott Stark that doAs(..) does not mean anything for JBoss.

      There is no Form Based Authentication in the JAAS HowTo examples.

      We are a WebLogic shop and are really keen on marketing JBoss to our customers, but that requires us to port the application. We are 90% there, but this problem is preventing us from proceeding further.