How do I propagate a custom principal from the web tier to the ejb tier?
The situation is like this: -) I have a web application and a number of ejbs. All in the same security domain. -) I use JAAS to authenticate and authorize in both the web and the application tier. -) I use FORM based authentication in the web tier.
If I use a remote client, I can login to the application tier without problems. My custom principal is build by my custom login module on the client side and correctly set on the security association to use for authentication and authorization in the application tier.
If I use a web client, my custom principal is correctly build by a different login module (using another CallBackHandler set). Authentication and authorization both succed in the web tier, but the principal is not propagated to the application tier.
With the remote client I use JBoss's ClientLoginModule to associate the principal and subject with the EJB invocation, so I use the same ClientLoginModule with the web application login, but here the principal and subject are not set. With each next request to the web tier, my custom princial s correctly found in the session, but the SessionAssociationValve does not propagate the principal and subject to the ejb layer.