0 Replies Latest reply on Aug 29, 2007 6:53 AM by pedro velarde

    No valid security context for the caller identity

    pedro velarde Newbie

      Hi everybody,

      I've developed a EJB3.0 Application; now I want to add security using JAAS.

      The client is a rich Delphi application that comunicates with server via HTTP througth a servelt. This servlet has this login JAAS code:

      loginContext = new LoginContext("GTSPDB", new MyCallbackHandler(user, password));

      where user and password come in the HTTP request. The user authentication works fine but when I call the sessioncontext getCallerPrincipal into the sessionbean and error raises:

      12:31:11,304 TRACE [SecurityAssociation] getCallerPrincipal, principal=null
      12:31:11,320 ERROR [STDERR] java.lang.IllegalStateException: No valid security context for the caller identity

      I've declared the security context in login-config.xml

      <application-policy name = "GTSPDB">
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
       <module-option name="dsJndiName">java:/MySqlHibernate</module-option>
       <module-option name="principalsQuery">SELECT password FROM user WHERE name=?</module-option>
       <module-option name="rolesQuery">SELECT rolename,'Roles' FROM userrole WHERE userrole.username=?</module-option>

      and tables in database are populated with these user and roles data.

      I've read the "JAAS Howto: README FIRST" but I haven't found solution.

      Why Principal is not propagated to sessionbean if login works¿? what am I doing wrong¿? am I missing something¿?

      thanks very much for your help.