For remoting we have made a custom login module which extends org.jboss.security.auth.spi.AbstractServerLoginModule.
The overridden method getIdentity() returns a custom principal - ApplicationPrincipal.
We can access the principal inside our ejbs via
@Resource
public SessionContext sessionContext;
....
Principal principal = sessionContext.getCallerPrincipal();
....
but we get a ClassCastException when we try to cast the returned Principal into ApplicationPrincipal.
On the other hand, principal.getClass().getName() returns the expected class name.
The problem is that our login module is deployed as a jboss module (<jboss-home>/modules) - inside a jar which also
contains ApplicationPrincipal. The ear containing our ejb.jar which contains our ejbs also contains a copy of ApplicationPrincipal.
The problem is that our custom login module and the ApplicationPrincipal are loaded by one class loader and our
ejbs and the ApplicationPrincipal copy are loaded by another class loader. The ApplicationPrincipal from the login module which we get
by calling sessionContext.getCallerPrincipal() in the ejb is not an ApplicationPrincipal known to the ejbs.
What can we do to solve this problem?
I have tried to put the custom login module code into our ear and adjusted the "module" attribute value of <login-module>
in our standalone.xml to deployment.<app-name>.ear.<ejb-jar-name>.jar but it did not work. Exception on the remote client was:
javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
As a separate module with the respective <login-module> configuration in standalone.xml, the authentication works fine with our login module
- we only have the described ClassCastException problem.
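
The class-identity behaviour described in the post, as an added example that is not part of the original post and is not JBoss code: two plain URLClassLoaders stand in for the module and the EAR, and a third case goes beyond the post to show that a single shared definition makes the cast succeed. The class PrincipalLoaderDemo and the loader names are assumptions; compile with javac before running (Java 9+), since the demo reads its own class files.

```java
import java.net.URL;
import java.net.URLClassLoader;
import java.security.Principal;

// Added illustration: names mirror the post, the loaders are stand-ins for JBoss modules.
public class PrincipalLoaderDemo {

    // Stand-in for the custom principal that exists both in the module jar and in the EAR.
    public static class ApplicationPrincipal implements Principal {
        public String getName() { return "demo-user"; }
    }

    // Isolated loader over this demo's class files. Its parent is the platform
    // loader, so ApplicationPrincipal is defined by the new loader itself.
    static ClassLoader isolated(URL classes) {
        return new URLClassLoader(new URL[] { classes }, ClassLoader.getPlatformClassLoader());
    }

    public static void main(String[] args) throws Exception {
        URL classes = PrincipalLoaderDemo.class.getProtectionDomain().getCodeSource().getLocation();
        String name = ApplicationPrincipal.class.getName();

        ClassLoader moduleLoader = isolated(classes);      // plays the login-module jar
        ClassLoader deploymentLoader = isolated(classes);  // plays the EAR with its own copy

        Class<?> fromModule = moduleLoader.loadClass(name);
        Class<?> fromDeployment = deploymentLoader.loadClass(name);
        Object principal = fromModule.getDeclaredConstructor().newInstance();

        // Same name, different defining loader: the JVM treats these as unrelated types.
        System.out.println("same name:  " + fromModule.getName().equals(fromDeployment.getName()));
        System.out.println("same class: " + (fromModule == fromDeployment));
        System.out.println("object loader: " + principal.getClass().getClassLoader());
        System.out.println("target loader: " + fromDeployment.getClassLoader());
        try {
            fromDeployment.cast(principal);
        } catch (ClassCastException e) {
            System.out.println("cast to the deployment's copy fails: " + e.getMessage());
        }

        // The interface comes from a loader both sides share, so this view always works.
        System.out.println("as Principal: " + ((Principal) principal).getName());

        // One definition only: a loader with no copy of its own delegates to the
        // module loader, receives the identical Class object, and the cast succeeds.
        Class<?> shared = new URLClassLoader(new URL[0], moduleLoader).loadClass(name);
        System.out.println("shared definition cast ok: " + (shared.cast(principal) != null));
    }
}
```

Printing getClass().getClassLoader() for the returned principal and ApplicationPrincipal.class.getClassLoader() inside the EJB gives the same comparison in the real deployment.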