[jboss-user] [Security & JAAS/JBoss] - Subject Propagation in JBoss

sreeraaman do-not-reply at jboss.com
Thu Sep 28 07:36:46 EDT 2006


I am working with MyEclipse and JBoss. I have created a custom login module. All classes related to the custom login module have been packaged as a Java JAR file, and I made the JAR file a Java JAR dependent project so that both the web and EJB modules can use the class files present in the package.

After configuring jaas in jboss and after successful authentication at the web tier, when I try to make a call to an EJB, the authenticated subject is not getting propagated from the web tier to the ejb tier. 

After successful login at the web tier, when I check the SecurityAssociation class, I get the following output with the following command:

System.out.println(SecurityAssociation.getSubject());

16:51:54,479 INFO  [STDOUT] Subject:
	Principal: sgopalan
	Principal: Roles(members:Recruiters)

However, when I make a call to a stateless session bean, it throws the following exception:

Caused by: java.lang.SecurityException: Insufficient method permissions, principal=null, ejbName=KRLMTest, method=HiringManagerMethod, interface=LOCAL, requiredRoles=[Recruiters], principalRoles=[].

I have a custom login module which extends the LdapLoginModule. For security propagation purposes, I have used the ClientLoginModule.

The ClientLoginModule's flag is set as required and the customLoginModule's flag is set as optional.

I thought it could be a problem with the dependent Java JAR and subsequently moved the classes to the EJB module. But I was still not able to get this working.

The version of JBOSS I am using is JBOSS 4.0.4 GA.

Any help would be much appreciated.

Thanks in advance.

Sriraman.
