Hi,
I got cornered while trying to do some basic authentication/authorization.
I've got two applications here - a prototype war (working) and the real ear
application (not working). While looking for the error, I've set both of them
to use the SAME application policy in login-config.xml. Authentication succeeds
in both of them, but SecurityAssociation.getSubject returns null in the ear app
for some reason. I've tried to fiddle a little with the
"org.jboss.security.SecurityAssociation.ThreadLocal" property, but nothing
changed. The Jbosssx client library is packaged in both the war and the ear
(here it is located in a nested .war) archive. In web.xml there are no roles
defined/requested - any authenticated user is authorized to do anything. So
where can the problem be? I'm out of ideas. Thanks in advance for any help
or hint.
martin.
-------- MORE DETAILS--------------
.war app: index.jsp content - some ugly testing code written in a scriptlet.
After logging in, the user login is printed out and all associated roles are
listed:
<%@ page import="javax.security.auth.Subject, org.jboss.security.SecurityAssociation" %>
<%
    // Name of the authenticated caller as seen by the servlet container
    String loggedUser = request.getRemoteUser();
    if (loggedUser == null) {
        out.println("No user is currently logged.<br/>");
    } else {
        out.println("currently logged-in user is: \"" + loggedUser
                + "\" \"./private/logOut.jsp\" logout <br/>");
        out.println("associated principals are: <br/><ul>");
        // JAAS Subject associated with the current thread by JBoss security
        Subject subject = SecurityAssociation.getSubject();
        for (Object principal : subject.getPrincipals()) {
            out.println("<li>" + principal + " (represented by "
                    + principal.getClass() + ")</li><br/>");
        }
        out.println("</ul>");
    }
%>
----------------
.ear app: index.jsp content - some ugly testing code written in a scriptlet.
After logging in, the user login is printed out and it is confirmed that the
authorization process succeeded (tested via the isUserInRole method), but
SecurityAssociation.getSubject() returns null anyway.
<%@ page import="javax.security.auth.Subject, org.jboss.security.SecurityAssociation" %>
<%
    out.println("user: " + request.getRemoteUser() + "<br/>");
    // JAAS Subject associated with the current thread by JBoss security
    Subject subject = SecurityAssociation.getSubject();
    out.println("is user in role A: " + request.isUserInRole("A") + "<br/>");
    out.println("org.jboss.security.SecurityAssociation.ThreadLocal is "
            + System.getProperty("org.jboss.security.SecurityAssociation.ThreadLocal") + "<br/>");
    if (subject != null) {
        for (Object principal : subject.getPrincipals()) {
            out.println("<li>" + principal + " (represented by "
                    + principal.getClass() + ")</li><br/>");
        }
    } else {
        out.println("subject is null");
    }
    out.println("</ul>");
%>
--
View this message in context:
http://www.nabble.com/SecurityAssociation-is-empty-after-successful-login...
Sent from the JBoss - Dev mailing list archive at
Nabble.com.