[jboss-user] [Security & JAAS/JBoss] - Re: identity propagation between different instances

realmdynamics do-not-reply at jboss.com
Wed Oct 10 14:50:31 EDT 2007


Hi anil.saldhana
    since the ejb tier is on a different box than the web tier, I thought that conceptually, I would need to configure the ejb tier to trust the security info coming in from a specific web tier box (otherwise, it may be possible to fake the principal and get in without authentication.)

    anyways, I tested this configuration using  form base authentication at the web tier level and then invoking an ejb on a different box. I invoked a method that doesn't require any authorization and that works fine (initial context plumbing working). When I tried a method requiring authorization, got an exception saying that there is insufficient permission and that the principal=null. Am I missing something?

thx
Robert

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4093677#4093677

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4093677



More information about the jboss-user mailing list