When I use SPServletExtension, the principal is only available in the web module, and when I inject and call an ejb method from the ejb module, ejbContext.getCallerPrincipal() returns anonymous. I have an ear which consists of an ejb and a web module.
To reproduce the problem, you should have an ear package with an ejb module; try to inject the ejb in the web module and call ejbContext.getCallerPrincipal(). It will return anonymous.
SPServletExtension is used for adding SPFormAuthenticationMechanism. It extends ServletFormAuthenticationMechanism, which is used for standard FORM authentication. In my project, standard FORM authentication works perfectly, so I tried to find differences between these mechanisms and I found a difference in the method register. The standard FORM mechanism uses:
securityContext.authenticationComplete(account, "FORM", true);
and SPFormAuthenticationMechanism uses
securityContext.authenticationComplete(account, "FORM", false);
I created my custom authentication mechanism which extends the SPFormAuthenticationMechanism and overrides the method register with the cachingRequired parameter true and now I can see the caller principal in my EJB module.
This bug is related to https://issues.jboss.org/browse/PLINK-719.