2 Replies Latest reply on Dec 7, 2004 11:37 AM by Scott Stark

    Identity unknown during first call to ejb after login

    Erwin Teseling Newbie


      I am experiencing some strange security behaviour during the first call to an session bean after loggin in (using form based authentication and the database login module).

      When I am trying to acces a secured web resource I am persented the login page and login. After this I am directed to the originally requested web resource (Struts action). So the web container agrees that the logged in user has the correct roles for acces to this resource.

      Now I make a call from this action to a stateless session bean which looks up the name of the logged in user to do some processing (esing SessionContext.getCallerPrincipal().getName()). I was very suprised that it returned "anonymous"!

      Anonymous is indeed the identity that I configured for unauthenticated users, but this user has allready logged in, therefore his identity should be known. Now when I call this method again, it DOES return the correct user identity "erwin" in this testcase???

      Could you explain whether this could be a bug or what I could be doing wrong, because as far as I know the ejb container should return me the correct identity in both cases!?