2 Replies Latest reply on Sep 3, 2007 4:01 AM by pedro velarde

    No Principal propagation to SessionBean

    pedro velarde Newbie

      Hi everybody,

      I've developed a EJB3.0 Application; now I want to add security using JAAS.

      The client is a rich Delphi application that comunicates with server via HTTP througth a servelt. This servlet has this login JAAS code:

      loginContext = new LoginContext("GTSPDB", new MyCallbackHandler(user, password));
       loginContext.login();
      


      where user and password come in the HTTP request. The user authentication works fine but when I call the sessioncontext getCallerPrincipal into the sessionbean and error raises:

      12:31:11,304 TRACE [SecurityAssociation] getCallerPrincipal, principal=null
      12:31:11,320 ERROR [STDERR] java.lang.IllegalStateException:
      No valid security context for the caller identity
      


      I've declared the security context in login-config.xml

      <application-policy name = "GTSPDB">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
       <module-option name="dsJndiName">java:/MySqlHibernate</module-option>
       <module-option name="principalsQuery">SELECT password FROM user WHERE name=?</module-option>
       <module-option name="rolesQuery">SELECT rolename,'Roles' FROM userrole WHERE userrole.username=?</module-option>
       </login-module>
       </authentication>
       </application-policy>


      and tables in database are populated with these user and roles data.

      I've read the "JAAS Howto: README FIRST" but I haven't found solution.

      Why Principal is not propagated to sessionbean if login works¿? what am I doing wrong¿? am I missing something¿?

      thanks in advance for your help.

      pedro.