You must perform a JAAS login using the
I'm doing so, but I cannot get authenticated.
My client has a Client-Login module.
My server has a DatabaseServerLoginModule.
But whenever I try to access a SLSB from the onMessage, the server shows a "guest" role, even if I logged with another username-role.
Login on a client will have no effect on the mdb.
You need to login inside the mdb.
I'd like to ask some follow-up questions on this topic.
I have the same problem as the poster - wanting to set the MDB caller Principal dynamically, in my case using a Subject with PrivateCredential passed in the message.
It occurred to me to do a JAAS login from the MDB, but it wasn't clear to me whether doing that would remove MDB restrictions from session bean code called from the MDB.
For example, it is illegal for an MDB to call getCallerPrincipal(). Does this change if the MDB does a JAAS login? Will session bean methods called by the MDB after the JAAS login be able to call getCallerPrincipal()?
Also, can the now-authenticated MDB use session beans described in its <ejb-local-ref> elements under the new Principal, or have these been pre-wired to the <runAs> Principal?
No, an mdb can never call getCallerPrincipal. Doing a jaas login is equivalent to a dynamic run-as assignment.
Is this still true in the context of EJB3 and the RunAs annotation?
Scott Stark: "No, an mdb can never call getCallerPrincipal. Doing a jaas login is equivalent to a dynamic run-as assignment."
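A sketch of the "login inside the mdb" approach discussed in this thread, added here as an example and not code from any of the posters or from JBoss itself. It assumes the stock JBoss `client-login` login-config entry (backed by `ClientLoginModule`), container-managed delivery, and two hypothetical `env-entry` names (`serviceUser`, `servicePassword`); the secured session bean calls go in the hypothetical `process` method of a concrete subclass.

```java
import javax.ejb.EJBException;
import javax.ejb.MessageDrivenBean;
import javax.ejb.MessageDrivenContext;
import javax.jms.Message;
import javax.jms.MessageListener;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.jboss.security.auth.callback.UsernamePasswordHandler;

public abstract class AuthenticatedListenerBean implements MessageDrivenBean, MessageListener {
    protected MessageDrivenContext ctx;

    public void setMessageDrivenContext(MessageDrivenContext ctx) { this.ctx = ctx; }
    public void ejbCreate() {}
    public void ejbRemove() {}

    /** Subclass hook (hypothetical): session bean calls made here run under the logged-in identity. */
    protected abstract void process(Message msg) throws Exception;

    public void onMessage(Message msg) {
        LoginContext lc = null;
        try {
            // Assumption: credentials come from env-entry values in the MDB's deployment descriptor.
            InitialContext jndi = new InitialContext();
            String user = (String) jndi.lookup("java:comp/env/serviceUser");
            char[] pass = ((String) jndi.lookup("java:comp/env/servicePassword")).toCharArray();

            // ClientLoginModule does not verify anything itself: it binds the principal and
            // credential to the calling thread. The real check happens when the session bean's
            // security domain (e.g. DatabaseServerLoginModule) authenticates the invocation.
            lc = new LoginContext("client-login", new UsernamePasswordHandler(user, pass));
            lc.login();

            process(msg);
        } catch (NamingException | LoginException e) {
            throw new EJBException("MDB could not establish its identity", e);
        } catch (Exception e) {
            throw new EJBException(e);
        } finally {
            // MDB threads are pooled: always clear the identity so it cannot
            // carry over to the next message handled on this thread.
            if (lc != null) {
                try { lc.logout(); } catch (LoginException ignored) { }
            }
        }
    }
}
```

The session bean called from `process` sees the logged-in principal from its own `getCallerPrincipal()`; the MDB itself still has no caller principal.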