[jboss-user] [Security & JAAS/JBoss] - EJB Session Context Returns Incorrect Principal With Custom

Friday, 2 May 2008

Hello,

I'm using JBoss Application Server 4.0.5GA.

I wrote a custom login module which accepts either the user credentials or accepts a token
which they still pass through the username/password fields.  In my login module, when I
detect that a token is being passed in, I retrieve the user associated with the token and
then login as that user.  The user is logged in properly and the correct user (Principal)
is returned from the Subject retrieved from PolicyContext and security checks are
performed correctly based on this user.  However, if I call SessionContext.getPrincipal,
then the Pricipal returned is one based on the passed in credentials (in this case the
token itself) instead of being the logged in user.

Can anyone shed light on this behaviour?  Is there something special that I have to do to
ensure that SessionContext has the correct Principal?

Regards,
Len Takeuchi

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4148238#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [Security & JAAS/JBoss] - EJB Session Context Returns Incorrect Principal With Custom