[jboss-user] [Security & JAAS/JBoss] - Re: Using SecurityClient

rbattenfeld do-not-reply at jboss.com
Tue Jun 9 09:48:27 EDT 2009

Hi Wolfgang and Anil

Thank you for your replies. I changed the client login as mentioned in the thread: 

Unfortunately, it didn't solve the problem. May the problem is related to how my custom login module passes the roles back to the JAAS framework. According this blog:
the way of passing roles are JBoss specific. May I have to pass it differently when using standard JAAS client login without the SecurityClient.

The code is:
  | if (!subject.getPrincipals().contains(user))
  | {
  | 	subject.getPrincipals().add(user);	
  | 	/**
  |          * this is the important part to work with JBoss:
  | 	 * jboss requires the name 'Roles'
  | 	 */
  | 	 SimpleGroup group = new SimpleGroup("Roles");
  | 	 for (SimplePrincipal role : roles) 
  | 	 {
  | 	   	group.addMember(role);
  | 	 }
  | 	 subject.getPrincipals().add(group);
  | }

The login itself works fine. The security exception is thrown when the client invokes a method from the session bean. 


View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4236388#4236388

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4236388

More information about the jboss-user mailing list