JBoss Community

JBoss AS 7.1.1.Final custom login module for remoting and custom principal

created by Sebastian Raue in JBoss AS 7 Development - View the full discussion

For remoting we have made a custom login module which extends org.jboss.security.auth.spi.AbstractServerLoginModule.

The overwritten method getIdenttity() returns a custom principal - ApplicationPrincipal.

We can access the principal inside our ejbs via



public SessionContext sessionContext;



Principal principal = sessionContext.getCallerPrincipal();




but we get a ClassCastException when we try to cast the returned Principal into ApplicationPrincipal.

On the other hand principal.getClass().getName() returns the expected class name.


The problem is that our login module is deployed as a jboss module (<jboss-home>/modules) - inside a jar which also

contains ApplicationPrincipal. The ear containing our ejb.jar which contains our ejbs also contains a copy of ApplicationPrincipal.

The problem is that our custom login module and the ApplicationPrincipal are loaded by one class loader and our

ejbs and the ApplicationPrincipal copy are loaded by another class loader. The ApplicationPrincipal from the login module which we get

by calling sessionContext.getCallerPrincipal() in the ejb is no ApplicationPrincipal known by the ejbs.


What can we do to solve this problem?


I have tried to put the custom login module code into our ear and adjusted the "module" attribute value of <login-module>

in our standalone.xml to deployment.<app-name>.ear.<ejb-jar-name>.jar but it did not work. Exception on the remote client was:


javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed


As a separate module and the respective <login-module> configuration in standalone.xml the authentication works fine with our login module

- we only have the described ClassCastException problem.

Reply to this message by going to Community

Start a new discussion in JBoss AS 7 Development at Community