[jboss-user] [Security & JAAS/JBoss] - Unable to get Subject from SecurityAssociation when calling
do-not-reply at jboss.com
Fri Aug 22 15:54:33 EDT 2008
I'm using JBOSS-4.2.3.GA under Jdk 1.6_05
I have an EJB3.0 Webservice Bean that calls two other EJB3.0 beans to do it's work. Inside the Webservice Bean I can call SecurityAssociation.getSubject and get the current security context subject. However, in the utility beans when I call SecurityAssociation.getSubject I only get a null.
I have tried adding <login-module code="org.jboss.security.ClientLoginModule" flag="required" />
to my login domain as suggested in the FAQ. I'm currently using the UserRolesLoginModule and security in general seems to work fine. The Caller Principal is propigated so all the regular stuff works. It's just SecurityAssociation that seems empty when crossing the EJB boundary.
The EJB are both in the same EAR, but in different JAR files, and I'm using the local interface reference from JNDI to call the beans.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4172066#4172066
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4172066
More information about the jboss-user