[jboss-user] [Security & JAAS/JBoss] - Re: Unable to get Subject from SecurityAssociation when call

[kimbaltrue]

When the initial EJB bean is called - it's a EJB 3.0 webservice bean - I'm able to get the current context Subject, and from that I can get the principal sets, and from them I can get the full list of a user's roles.

That's actually working.

The problem occurs when I call another EJB 3.0 bean from the first bean. The second bean seems to have lost the initial security context so that I can't get the context Subject.

As for the isCallerInRole this is only useful when you already know the the role. That's taken care of by the @RolesAllowed annotation so I really don't need to call isCallerInRole. What I'm trying to do is allow for dynamic role based access to specific data elements in the database, and I can only do that if I can pull the user's role list. 

Also, I'm concerned that if the Subject context is lost then I might not be able to call from one Application server instance to another using the same security associations.



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4172329#4172329

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4172329