[jboss-user] [Security & JAAS/JBoss] - Re: Principal from Servlet to EJB not propagating?
jaikiran
do-not-reply at jboss.com
Fri Oct 27 23:40:37 EDT 2006
anonymous wrote : I am wondering if the ClientLoginModule is consulted before calls are made to EJB!
I *guess* that's right. I saw your application policy. Just for the sake of confirming this, try changing it to:
<application-policy name = "myPolicy">
| <authentication>
| <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag = "required" />
|
| </authentication>
|
| </application-policy>
Note that i have removed the ClientLoginModule entry. Now, i believe you will not be able to see the roles even in the EJB. Note that as per Q3
at :
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ
the original application policy that you have is absolutely correct and i am asking you to change it only for the sake of testing.
I will be able to give you a definite answer only after checking some docs and code(and that will not be before next week).
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3981487#3981487
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3981487
More information about the jboss-user
mailing list