I do not have an answer to your question (sorry), but I am curious to know how you configured the JDBC source in JBoss in order for it to use the client identity to connect to the database.
Could you send some details about this configuration?
You'll have to describe the security settings on the database datasource. If the EJB is secured and this is working, and you're using the CallerIdentityLoginModule, then the identity used to access the EJB should be seen at the database.
This works well as long as the caller of the bean is from the integrated Tomcat, meaning it passes security and assumes the correct login and password from the principal. It partially works when called from a Swing app or Tomcat running in a separate JVM, since it passes JAAS security by allowing the call, but the principal will have the default login and password, not the one passed from the client login. I can see different data returned since the default user has more restricted database access than the logged-in person. Also an anomaly: if the first call to the app server after startup is from the integrated Tomcat, then subsequent calls from the Swing app do work, and when the principal is viewed in the debugger the correct login and password appear.
This is from sybase-ds.xml
This is from login-config.xml
<login-module code="TisCallerIdentityLoginModule" flag="required">
    public class TisCallerIdentityLoginModule extends CallerIdentityLoginModule {
        public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options) {
            super.initialize(subject, handler, sharedState, options);
        }

        protected Principal getIdentity() {
            Principal principal = super.getIdentity();
            return principal;
        }

        // getRoleSets() returns an array of groups in the JBoss login module API.
        protected Group[] getRoleSets() throws LoginException {
            Group[] groups = new Group[2];
            SimpleGroup rolesGroup = new SimpleGroup("Roles");
            groups[0] = rolesGroup;
            SimpleGroup principlesGroup = new SimpleGroup("CallerPrincipal");
            groups[1] = principlesGroup;
            return groups;
        }
    }
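
Added example, not part of the original thread and not the poster's actual files (their contents are missing above): how a datasource is typically tied to a CallerIdentityLoginModule security domain, which is the configuration the replies ask about. It assumes the JBoss 4.x file layout; the policy name, JNDI name, connection details and credentials are constructed placeholders.

```xml
<!-- conf/login-config.xml (constructed example; the policy name SybaseDbRealm is hypothetical) -->
<application-policy name="SybaseDbRealm">
  <authentication>
    <!-- The thread's TisCallerIdentityLoginModule subclass would be named here instead. -->
    <login-module code="org.jboss.resource.security.CallerIdentityLoginModule" flag="required">
      <!-- Fallback identity, used only when no caller principal/credential is
           associated with the thread that requests the connection. -->
      <module-option name="userName">DEFAULT_DB_USER</module-option>
      <module-option name="password">DEFAULT_DB_PASSWORD</module-option>
      <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=ExampleSybaseDS</module-option>
    </login-module>
  </authentication>
</application-policy>

<!-- deploy/sybase-ds.xml (constructed example; JNDI name, host, port and database are placeholders) -->
<datasources>
  <local-tx-datasource>
    <jndi-name>ExampleSybaseDS</jndi-name>
    <connection-url>jdbc:sybase:Tds:DB_HOST:DB_PORT/DB_NAME</connection-url>
    <driver-class>com.sybase.jdbc2.jdbc.SybDriver</driver-class>
    <!-- No user-name/password elements here: credentials come from the security domain. -->
    <security-domain>SybaseDbRealm</security-domain>
  </local-tx-datasource>
</datasources>
```

With this wiring, a database session that shows up as DEFAULT_DB_USER means the login module fell back to its defaults rather than the caller's identity, which is the symptom described in the post for remote callers.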