5 Replies Latest reply on Jul 20, 2009 7:45 PM by Doozy Dooze

    From Servlet Standalone Tomcat to EJB on JBoss

    Christian R Newbie

      Hi, i have a Problem with security on standalone Tomcat and JBoss.

      But first, what I try to do:

      I have a Google Web Toolkit (GWT) Application. The servercomponent of this GWT app is a servlet. This GWT app is running on an standalone tomcat.
      From this servlet, I try to access a stateless session bean running on an remote JBoss server.

      Without any security solutions, it's running fine.

      Now I try to add some security to this system.
      So the GWT app is authenticating against the tomcat server with a form base authentication against an database.

      The JBoss server is also authenticating against the same database (because on tomcat and JBoss there should be the same users and roles).

      My problem is, that tomcat does not populate the username und password from the logged in principal to JBoss, so when calling my EJB, I have to do it in that way (otherwise I get an authentication failed error):

      Properties env = new Properties();
      env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
      env.setProperty(Context.SECURITY_PRINCIPAL, "TestUser");
      env.setProperty(Context.SECURITY_CREDENTIALS, "password");
      InitialContext ctx;
      try {
       ctx = new InitialContext(env);
       connector = (MyBean) ctx.lookup("java:comp/env/ejb/MyBean");
      } catch (NamingException e) {
       //do something

      Does somebody have a solution for this problem?