[jboss-user] [Security] - Authentication succeeded, getCallerPrincipal()=anonymous

zour do-not-reply at jboss.com
Tue Oct 27 06:15:27 EDT 2009 

I'm using JBoss 5.1.0, a J2EE application, the frontend is a RAP application 
deployed in an OSGi container (Equinox). All runs fine beside the login.

Though authentication is successfull, I always get the default identity
anonymous from an EJB. Login does work properly, since if I enter a 
wrong password I get redirected to the according web page.

@SecurityDomain("myapplication")
  | @Stateless(name = UserBean.EJBNAME)
  | public class UserBean implements UserBeanRemote, UserBeanLocal {
  | 
  |  public static final String EJBNAME = "UserBean";
  | 
  |  @Resource()
  |  private transient SessionContext session;
  | 
  |  @Override
  |  public void testSession() {
  |   String name = this.session.getCallerPrincipal().getName();
  |   System.out.println("Principal: "+name);
  |  }

The principal's name is always 'anonymous' (the default).

The custom login module is being used in other J2EE applications without 
such problems. Snippet from login-config.xml:

<application-policy name="myapplication">
  |  <authentication>
  |   <login-module code="com.mypackage.ejb.jaas.AuthenticatorLoginModule" flag="required">
  |    <module-option name="authenticatorJndiName">MyApplication/AuthorizationBean/local</module-option>
  |   </login-module>
  | 
  |   <login-module code="org.jboss.security.ClientLoginModule" flag="required" />
  |  <authentication>
  | <application-policy>

web.xml:

<login-config>
  |  <auth-method>FORM</auth-method>
  |  <form-login-config>
  |   <form-login-page>/login.html</form-login-page>
  |   <form-error-page>/login_failed.html</form-error-page>
  |  </form-login-config>
  | </login-config>

jboss-web.xml
<jboss-web>
  | 	<security-domain>java:/jaas/myapplication</security-domain>
  | </jboss-web>

jbossweb.sar/contex.xml
<Context cookies="true" crossContext="true">
  | <Manager pathname="" />
  | <InstanceListener>org.jboss.web.tomcat.security.RunAsListener</InstanceListener>
  | <Valve className="org.apache.catalina.authenticator.FormAuthenticator" characterEncoding="UTF-8" />
  | </Context>

I don't know if this is a bug or I'm just missing some configuration.
A Realm perhaps? Would this work: http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#JAASRealm

I have another working authorization configuration with JAAS and Seam,
but this doesn't require any Realm's at all.

Could you please give me a hint?

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262350#4262350

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4262350

More information about the jboss-user mailing list