<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
        <table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                <tbody>
                        <tr>
                                <td>
                                        <table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                                                <tbody>
                                                        <tr>
                                                                <td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
                                                                        <h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
                                                                        <a href="https://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
                                                                </td>
                                                        </tr>
                                                        <tr>
                                                                <td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
Remote Ejb Calls - SimpleSecurityManager and JBossCachedAuthenticationManager do not work correctly
</h3>
<span style="margin-bottom: 10px;">
created by <a href="https://community.jboss.org/people/Michael_Gronau">Michael Gronau</a> in <i>JBoss AS 7 Development</i> - <a href="https://community.jboss.org/message/732713#732713">View the full discussion</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><p>Hello,</p><p>As I still have the problem that my custom login module is called with every remote ejb invocation, I investigated the JBoss code a little bit more. I see that the method SimpleSecurityManager.push(...) is called for every ejb call, and here for every call a new instance of SimplePrincipal is created for the SubjectInfo. Then the method authenticate() is called. Here it delegates to the JBossCachedAuthenticationManager, which tries to find an already cached principal, but this cannot work, because the get function of the cache returns null. It returns null because of the newly created SimplePrincipal for the current invocation. The JBossCachedAuthenticationManager pushes back my principal (created in my custom login module), but cannot find it again.</p><p>It's like this for every remote ejb call:</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>1. call to the ejb</p><p>2. SimpleSecurityManager creates a SubjectInfo with a new(!) instance of SimplePrincipal</p><p>3. SimpleSecurityManager tries to authenticate -&gt; delegates to JBossCachedAuthenticationManager</p><p>4. JBossCachedAuthenticationManager tries to find cached principal with a call to method get() with the principal instance from SimpleSecurityManager</p><p>5. JBossCachedAuthenticationManager finds no cached instance and starts a new authentication with my custom login module</p><p>6. My custom login module creates a new instance of Principal and commits it(), creates a Group called CallerPrincipal, adds the new Principal and adds this group to current subject</p><p>7. JBossCachedAuthenticationManager pushes back my Principal correctly</p><p>8. Ejb is called.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>9. When you call the ejb again (in a simple for-loop or something like that) all starts again at point 1. 
The problem is the creation of the new Principal instance for every remote ejb call.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><span>I think </span><a class="jive-link-external-small" href="https://issues.jboss.org/browse/AS7-3525" target="_blank">https://issues.jboss.org/browse/AS7-3525</a><span> should be reopened. What do you think?</span></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>With best regards,</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Michael Gronau</p></div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>