4 Replies Latest reply on Mar 7, 2005 3:48 AM by Dmitri Zamyslov

    Authentication not passed from web to EJBs through.

    Dmitri Zamyslov Newbie

      Hi everybody,

      i have stuck with following problems.

      I have an application and two modules within it - the ejb (some entities and one session bean) and web module. In web module i have set the authentication with some domain name and database login module. It works for authentication fast properly but I have some problem with roles and this is the first question:

      i've checked that the request I put for database login module is correct and returns for the user two roles ADMIN and USER. When in jsp, which comes after the authentication I'm trying to check if the request.userInRole("ADMIN") or ("USER") - both returning false. I've checked in logs - the database login module have attached both roles to user:

      2005-03-04 13:03:59,054 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'admin' authenticated, loginOk=true
      2005-03-04 13:03:59,054 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
      2005-03-04 13:03:59,054 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role USER
      2005-03-04 13:03:59,054 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role ADMIN

      do I user incorrect methods?

      The second issue is, that in this jsp I use a java bean and that bean at his turn creates a session bean from an ejb module. There I have the problem, that the following code withing the session bean:
      String userName = sessionContext.getCallerPrincipal().getName();
       log.debug("Caller principal " + userName);

      writes "anonymous" in log.

      Why the authentication didn't come in sessionContext? What I'm doing wrong? How the authentication can be passed from web module to ejb? While in future I would like to use roles in ejbs I create for the project.

      Thanks in advance.