[jboss-user] [Security & JAAS/JBoss] - Set Principal in a web application

hubaer do-not-reply at jboss.com
Mon Feb 16 08:50:22 EST 2009

Hi all,

I don't know if this here is the right forum, but hopefully I get some answers from the experts.

We are migration a devided application (web, batch processing, web services all single applications) into a JEE application, running on JBoss.

As far, most of the parts are running correctly, but we have a little problem with the interaction of the web with our EJB3 session / entity beans. For auditing purpose we must store the name of the user which created or modified an entity. Therefore we write an interceptor with get the principal from the SecurityAssociation class.
To access the session beans we make a JNDI lookup like

  | environment.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
  | environment.put(Context.SECURITY_PRINCIPAL, "testName");
  | environment.put(Context.SECURITY_CREDENTIALS, "testPassw");
  | environment.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces");
  | environment.put("java.naming.provider.url", "jnp://localhost:1099");
  | InitialContext context = new InitialContext(environment);
  | context.lookup(jndiName);

But always we call SecurityAssociation.getPrincipal() in our audit interceptor we get a null object.
We tried the same with a remote client setting the same JNDI values and got the principal from the SecurityAssociation.

Do I miss something accessing the the session beans via JNDI inside JBoss from the web layer to the EJB layer?
Any help is welcome.


View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4210339#4210339

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4210339

More information about the jboss-user mailing list