I need to get a user from a Servlet Request parameter and propagate it to the EJB layer. But
it is not happening!
Thanks in advance for your help.
This is the excerpt from login-config.xml. Note that I am using ClientLoginModule:
| <application-policy name = "myPolicy">
|   <authentication>
|     <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
|                   flag = "required" />
|
|     <login-module code = "org.jboss.security.ClientLoginModule" flag = "required">
|       <module-option name="password-stacking">useFirstPass</module-option>
|     </login-module>
|   </authentication>
|
| </application-policy>
|
This is how I use a LoginContext. The users.properties and roles.properties files in the application
archive are being read correctly.
|
| CallbackHandler handler = new MyHandler("paramFromRequest");
| LoginContext lc = null;
| try
| {
|     lc = new LoginContext("myPolicy", handler);
|     lc.login();
|     Subject subject = lc.getSubject();
|     Set<Principal> principals = subject.getPrincipals();
|     for (Principal p : principals)
|     {
|         log.info("name=" + p.getName());
|         log.debug("name=" + p.getName());
|         // JBoss Specific
|         if (p instanceof SimpleGroup)
|         {
|             SimpleGroup sg = (SimpleGroup) p;
|             if ("Roles".equals(sg.getName()))
|             {
|                 log.debug("role-name=" + sg.toString());
|             }
|         }
|     }
|
| } catch (LoginException e)
| {
|     log.info("authentication failed... But this is just a test; Ignore it");
|     e.printStackTrace();
| }
|
Here is the handler:
|
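| import java.io.IOException;
| import javax.security.auth.callback.Callback;
| import javax.security.auth.callback.CallbackHandler;
| import javax.security.auth.callback.NameCallback;
| import javax.security.auth.callback.PasswordCallback;
| import javax.security.auth.callback.UnsupportedCallbackException;
|
| class MyHandler implements CallbackHandler
| {
|     // User name taken from the request parameter
|     String name = null;
|     public MyHandler(String name) { this.name = name; }
|
|     public void handle(Callback[] callbacks) throws IOException,
|             UnsupportedCallbackException
|     {
|         for (int i = 0; i < callbacks.length; i++)
|         {
|             if (callbacks[i] instanceof NameCallback)
|             {
|                 NameCallback nc = (NameCallback) callbacks[i];
|                 nc.setName(name);
|             } else if (callbacks[i] instanceof PasswordCallback)
|             {
|                 // An empty password is supplied
|                 PasswordCallback pc = (PasswordCallback) callbacks[i];
|                 pc.setPassword(new char[0]);
|             } else
|             {
|                 throw new UnsupportedCallbackException(callbacks[i],
|                         "Unrecognized Callback");
|             }
|         }
|     }
| }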
|
Here is the EJB method call that I am expecting to fail, but it succeeds! Calls on
"ctx" are commented out because I get "No valid security context for the
caller identity" otherwise.
| @RolesAllowed("xxx")
| public List<String> getAllUserGroups()
| {
|     // Principal callerPrincipal = ctx.getCallerPrincipal();
|     // if(null == callerPrincipal) log.debug("callerPrincipal is null!");
|     // else log.debug(callerPrincipal.getName());
|     return getAllGroupsAsStrings();
| }
|