Hello,
I'm migrating a J2EE application from JBoss 4.0.3sp1 to 5.0.0 GA. This application will
be accessed from a remote client (RMI over HTTP with HTTPInvokerServlet). Now the working
custom JAAS login from 4.0.3 fails in 5.0.0 GA because of a principal which is NULL,
requested from the SecurityAssociationCallback in my server-side custom login module.
Any suggestions on how to deal with SecurityAssociationCallback in 5.0.0 GA?
My custom login in more detail:
1) Client
auth.conf:
client-login {
    de.myapplication.secure.CustomClientLoginModule required
    ;
    org.jboss.security.ClientLoginModule required
    password-stacking="useFirstPass"
    ;
};
The client uses a CustomPasswordHandler implementing CallbackHandler for additional login
information, which results in a CustomPrincipal class. This CustomPrincipal class is
needed at the server-side login module.
2) Server
The jboss-service.xml and the login-config.xml are located in the META-INF of the SAR bundled
in the EAR of the application. The following code snippet from the CustomServerLoginModule
shows the occurrence where the principal returns with NULL:
SecurityAssociationCallback callback = new SecurityAssociationCallback();
Callback[] callbacks = { callback };

callbackHandler.handle(callbacks);

Principal principal = callback.getPrincipal();
LOG.debug("'getUsernameAndPassword()' found Principal " + principal);
jboss-service.xml (snippet)
<mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
       name="de.myapplication.secure:service=LoginConfig-Custom">
    <attribute name="AuthConfig">META-INF/login-config.xml</attribute>

    <!-- The service which supports dynamic processing of login-config.xml
         configurations.
    -->
    <depends optional-attribute-name="LoginConfigService">
        jboss.security:service=XMLLoginConfig </depends>

    <!-- Optionally specify the security mgr service to use when
         this service is stopped to flush the auth caches of the domains
         registered by this service.
    -->
    <depends optional-attribute-name="SecurityManagerService">
        jboss.security:service=JaasSecurityManager </depends>
</mbean>
login-config.xml
<policy>
    <application-policy name = "lisa">
        <authentication>
            <login-module flag="required"
                          code="de.myapplication.secure.jboss.CustomServerLoginModule">
                <module-option name="unauthenticatedIdentity">unauthenticatedUser</module-option>
                <module-option name="DATA_SOURCE">java:/custom.DataSource</module-option>
                <module-option name="PRINCIPAL_QUERY">...</module-option>
                <module-option name="ROLES_QUERY">...</module-option>
                <module-option name="LOCATION_QUERY">...</module-option>
            </login-module>
        </authentication>
    </application-policy>
</policy>
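A fail-closed way for a server-side login module to read the caller identity through SecurityAssociationCallback, separating three failure cases: the handler rejects the callback, no principal arrived, or the principal is not of the expected class. This is an added example, not part of the original post; `CallerIdentity` and `require` are hypothetical names, and it compiles against the JBoss security classes that provide `SecurityAssociationCallback`.

```java
import java.io.IOException;
import java.security.Principal;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.jboss.security.auth.callback.SecurityAssociationCallback;

// Hypothetical helper (not from the post): call it at the start of login(),
// before any credential or database check runs.
public final class CallerIdentity {

    private CallerIdentity() {
    }

    public static <T extends Principal> T require(CallbackHandler handler, Class<T> expected)
            throws LoginException {
        SecurityAssociationCallback callback = new SecurityAssociationCallback();
        try {
            handler.handle(new Callback[] { callback });
        } catch (UnsupportedCallbackException e) {
            // The installed handler does not know this callback type at all.
            throw new LoginException("SecurityAssociationCallback not supported by "
                    + handler.getClass().getName());
        } catch (IOException e) {
            throw new LoginException("callback handler I/O failure: " + e.getMessage());
        }

        Principal principal = callback.getPrincipal();
        if (principal == null) {
            // No identity reached the server: reject the login instead of
            // continuing with a null principal.
            throw new FailedLoginException("no principal was propagated with the invocation");
        }
        if (!expected.isInstance(principal)) {
            // An identity arrived, but not the custom class the module needs.
            throw new FailedLoginException("expected " + expected.getName()
                    + " but received " + principal.getClass().getName());
        }
        return expected.cast(principal);
    }
}
```

The exception message shows which of the three cases occurred, which narrows down whether the handler, the identity propagation, or the principal class is at fault.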