[jboss-jira] [JBoss JIRA] Updated: (JBAS-9213) module-option principalClass will be ignored

module-option principalClass will be ignored -------------------------------------------- Key: JBAS-9213 URL: https://issues.jboss.org/browse/JBAS-9213 Project: Legacy JBoss Application Server 6 Issue Type: Bug Security Level: Public(Everyone can see) Components: Security Affects Versions: 6.0.0.Final Environment: Windows XP JBoss AS 6.0.0.Final JavaSE 1.6.0_17 Reporter: Michael Feichtegger Assignee: Anil Saldhana I wrote a custom login module and configured it at {{login-config.xml}} as follows: {code} <application-policy name="MyRealm"> <authentication> <login-module code="com.example.MyLoginModule" flag="required"> <module-option name="principalClass">com.example.UserPrincipal</module-option> <module-option name="debug">true</module-option> </login-module> </authentication> </application-policy> {code} In a second step I wrote a simple JSF application that performs the login using {{HttpServletRequest.login()}} that works very well. Finally I used {{HttpServletRequest.getUserPrincipal()}} to retrieve the custom principal created during the login process. On JBoss I'll just get a JBoss internal {{org.jboss.security.SimplePrincipal}} and I have to use {{PolicyContext.getContext("javax.security.auth.Subject.container")}} to get the desired principal. The custom login module implements {{javax.security.auth.spi.LoginModule}} and is not derived from {{org.jboss.security.auth.spi.UsernamePasswordLoginModule}} since it should work on any JavaEE Container. As far as I understood the specification the element {{<module-option name="principalClass">}} should be used to achieve this behavior.