[jboss-user] [Security & JAAS/JBoss] - Re: identity propagation between different instances
realmdynamics
do-not-reply at jboss.com
Wed Oct 10 14:50:31 EDT 2007
Hi anil.saldhana
since the ejb tier is on a different box than the web tier, I thought that conceptually, I would need to configure the ejb tier to trust the security info coming in from a specific web tier box (otherwise, it may be possible to fake the principal and get in without authentication.)
anyways, I tested this configuration using form base authentication at the web tier level and then invoking an ejb on a different box. I invoked a method that doesn't require any authorization and that works fine (initial context plumbing working). When I tried a method requiring authorization, got an exception saying that there is insufficient permission and that the principal=null. Am I missing something?
thx
Robert
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4093677#4093677
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4093677
More information about the jboss-user
mailing list