[jboss-dev-forums] [Security Development] New message: "Keeping the state of Caller principal in JBoss AppServer when authenticating from standalone WebServer"

JBoss development, A new message was posted in the thread "Keeping the state of Caller principal in JBoss AppServer when authenticating from standalone WebServer": http://community.jboss.org/message/530097#530097 Author : Eric Loh Profile : http://community.jboss.org/people/eric1lyk Message: -------------------------------------------------------------- Dear experts,   I have problems understanding how i can maintain the Authentication Principal in the JBoss Appserver for subsequent invokations of an EJB3 Stateless session bean from a standalone client.   I have EJB3 Stateless session beans deployed on JBoss 5.1.0 AS     My Client is deployed on a Apache Tomcat Webserver (version 6.0.20)   My Client (deployed on Tomcat Webserver) uses the following Login Config to do authentication.   *myapp-login {* *    com.myapp.services.authentication.client.jaas.OasisLoginModule requisite debug="true"* *    facadeJndiName="myApp/authentication"* *    java.naming.factory.initial="org.jnp.interfaces.NamingContextFactory"* *    java.naming.factory.url.pkgs="org.jboss.naming:org.jnp.interfaces"* *    java.naming.provider.url="jnp://localhost:1099";* *   * *    org.jboss.security.ClientLoginModule sufficient debug="true"* *    multi-threaded="true";* *};* I realised that *org.jboss.security.ClientLoginModule is required so that the CallerPrincipal gets propagated from my Client to JBoss AppServer* *org.jboss.security.ClientLoginModule sufficient debug="true"*   After I login, i created an InitialContext to lookup the EJB3 stateless session bean deployed in JBoss.   I try to test if the Stateless session bean can obtain the principal that i propagated frmo the Tomcat Webserver to JBoss AS   The first time i called, the context.getCallerPrincipal() was able to return the principal that i set inside the Callbackhandler.   *@Stateless* *public class AuthenticationComponentFacadeBean extends AbstractComponentFacade<IAuthenticationComponentServiceLocator> implements IAuthenticationComponentFacade* *{  * *    @Resource* *    SessionContext context;* * * *    @Override* *    public char[] resetPassword(MyCredentials credential) throws AuthenticationException* *    {* *            if (context.getCallerPrincipal() != null)* *            {* *                 System.out.println("principal: " + context.getCallerPrincipal());* *            }*   But, in subsequent invocations when i create the InitialContext again, I am getting NullPointerException   *15:16:50,538 INFO  [STDOUT] 2010-03-05 15:16:50,538 [ERROR] - [AuthenticationComponentFacadeBean] java.lang.NullPointerException* *        at org.jboss.ejb3.security.helpers.EJBContextHelper.getCallerPrincipal(EJBContextHelper.java:99)*   i.e. The CallerPrincipal gets lost in subsequent invocations.   Can someone tell me how i can maintain the CallerPrincipal inside JBoss AppServer until i perform a logout operation to invalidate my session?   *What is the correct way to do it?* * * *Should I invoke the ClientLoginModule at my Client on Tomcat Webserver everytime i lookup a stateless session bean so that it will keep the CallerPrincipal there?*   *Is there a way to keep the CallerPrincipal without invoking the ClientLoginModule everytime i do a lookup?* -------------------------------------------------------------- To reply to this message visit the message page: http://community.jboss.org/message/530097#530097