1 Reply Latest reply on Jul 30, 2005 12:40 PM by Scott Stark

    Subject context no longer propagated to callee in the presen

    Peter Friis Newbie

      We've started moving our application from 3.2.5 to 4.0.2 and I've encountered a problem with the way subjects are propagated in the presence of a run-as identity:

      I have a stateless session bean configured with a run-as role to allow it to access the model layer of the application. In 3.2.5, calls made from this session bean propagated the Subject (with the run-as role instead of the callers role) to the callee, i.e. from the callee I could say

      SecurityAssociation.getSubject()

      and get the authenticated Subject associated with the original call to the session bean.

      In 4.0.2, that is no longer the case and
      SecurityAssociation.getSubject()

      simply returns null. Also,
      SecurityAssociation.getCallerPrincipal()

      returns a RunAsIdentity with the correct role but with "anonymous" Principal.

      My questions are:

      1) Is this a bug?

      2) Is there another way to propagate the (authenticated) Subject to the callee?

      Thanks,

      Peter Friis