[jboss-user] [Security & JAAS/JBoss] - Re: JAAS Authentication from stand alone client

eefahs do-not-reply at jboss.com
Wed Sep 3 23:52:21 EDT 2008

Hi ragav,

Yes I am using a java client,   yes first the user will login to the system by accessing the secured subsystem and after that he can access any other subsystem without any authentication, that is my requirement.

But, after successfull login when the user trying to use a unsecured subsystem and an ejb from this unsecured subsystem wants to access a ejb from the secured subsystem the call fails with the error 

Caused by: javax.security.auth.login.LoginException: Username not supplied. 
  | at com.ibsplc.iRes.security.jboss.db.JDbLoginModuleImpl.throwLoginException(JDbLoginModuleImpl.java:322) 
  | at com.ibsplc.iRes.security.jboss.db.JDbLoginModuleImpl.getUserName(JDbLoginModuleImpl.java:368) 
  | at com.ibsplc.iRes.security.jboss.db.JDbLoginModuleImpl.login(JDbLoginModuleImpl.java:164)

user 	- accessing secured ejb - internall calls LoginModule.login() login successfull

	- accessiing unsecured ejb  - successfull
	- accessing a unsecured ejb, which calls secured ejb  -  failes	
So how this unsecured ejb can be enabled to call a secured ejb? I tried by defining the appropriate security-role-ref  for the unsecured ejb also.   But again the call from unsecured subsystem to the secured subsystem   triggers the  LoginModule.login() and the username is null;

Is something wrong in my logic? 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4174148#4174148

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4174148

More information about the jboss-user mailing list