[jboss-user] [Security & JAAS/JBoss] - Re: Principal from Servlet to EJB not propagating?

jaikiran do-not-reply at jboss.com
Fri Oct 27 12:30:13 EDT 2006


I guess this is what your use case is:

1) There's a request coming into your servlet
2) Your servlet does a JAAS login
3) Servlet dispatches the control to JSP
4) User does some action on JSP and submits the JSP
5) On submitting the JSP (i.e. on some user action on the JSP), an EJB is called.

If I have got your use case right, then here's what is happening:

- After you do a login in Step#2, the request object is not yet populated with the user information (since the request object was created even before you had logged in), so using methods like getRemoteUser and isUserInRole is of no use.
- After Step#4, when the user submits the JSP, a new request is created and this time the user information is populated appropriately, since the user is still logged in as a result of Step#2.
- So now when the EJB gets called, the user information is propagated to those EJBs and you will be able to use methods like isUserInRole successfully.



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3981359#3981359
