Hi,<div><br></div><div>Although it&#39;s not directly what you asked, one thing which you may want to take into account is that in the web layer (via HttpServletRequest) the user/caller principal corresponding to the unauthenticated identity is always null. When using the EJBContext that same user/caller principal is something container specific (although contrary to the web layer never null).</div>
<div><br></div>EJB is underspecified here (just as the run-as principal). Likewise, the way in which a security context established in the web layer propagates to EJB is not clear either. There&#39;s a vague paragraph about a security domain that should be consulted, which JBoss takes very literally (for secured beans it attempts to re-authenticate instead of propagating the established context), for non-secured beans it doesn&#39;t do this.<div>
<br></div><div>Finally there are a couple of implementation differences between JBoss&#39; native login modules and the Java EE standard JASPIC ones. For JASPIC you would call HttpServletRequest.authenticate() and the &quot;login module&quot; (SAM) would pass a null to the CallerPrincipalCallback in order to establish the unauthenticated identity.</div>
<div><br></div><div>Hope this somehow helps.<br><div><br>On Friday, August 8, 2014, Wolfgang Knauf &lt;<a href="mailto:wolfgang.knauf@gmx.de">wolfgang.knauf@gmx.de</a>&gt; wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi guys,<br>
<br>
I try to sort out the &quot;unauthenticatedIdentity&quot; feature for JAS login<br>
modules in WildFly 8.<br>
To my understanding, when logging in without username/password, the<br>
login module should fallback to this &quot;unauthenticatedIndentity&quot;, which<br>
can only access public content (e.g. unsecured or @PermitAll ejb methods).<br>
<br>
But without a login, my public ejb method shows that<br>
&quot;this.sessionContext.getCallerPrincipal().getName()&quot; returns<br>
&quot;anonymous&quot;, which is NOT the &quot;unauthenticatedIdentity&quot; value.<br>
And &quot;httpRequest.login(null, null)&quot; will fail because of the Undertow<br>
implementation.<br>
<br>
How can a switch to the user name declared in the &quot;unauthenticatedIdentity&quot;?<br>
<br>
Same question e.g. here: <a href="https://community.jboss.org/thread/237899" target="_blank">https://community.jboss.org/thread/237899</a><br>
<br>
Seems I have a basic misunderstanding about this ;-), but I don&#39;t find a<br>
clear explanation in the web...<br>
<br>
Best regards<br>
<br>
Wolfgang Knauf<br>
_______________________________________________<br>
undertow-dev mailing list<br>
<a href="javascript:;" onclick="_e(event, &#39;cvml&#39;, &#39;undertow-dev@lists.jboss.org&#39;)">undertow-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/undertow-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/undertow-dev</a><br>
</blockquote></div></div>