[jboss-user] [Security & JAAS/JBoss] - Re: How to set EJBContext callerPrincipal from LoginModule?

leobaz2 do-not-reply at jboss.com
Sat Mar 7 23:44:41 EST 2009


I'm not sure if you created the bug yet but here is what I found:

When you log in to a web app:
1) In JBossWebRealm.authenticate, a SimplePrincipal is created with the username (line 382).
2) This SimplePrincipal is passed to SecurityAssociationActions.setPrincipalInfo on line 388 of JBossWebRealm.
3) The SimplePrincipal gets passed through to the SubjectInfo constructor, line 56.  At this point, we have the SimplePrincipal and the Subject which contains the custom principal.
4) Here, a CredentialIdentity is created which holds the SimplePrincipal.  This CredentialIdentity is not passed the subject so the custom principal is lost at this point.

Later on, the explicit call to getCallerPrincipal() in your EJB will invoke JBossSecurityContextUtil.getUserPrincipal.  This will get the SubjectInfo and get the identity of type CredentialIdentity.  From step 4 above, the identity of type CredentialIdentity will only contain the SimplePrincipal.  That sums it up.

I don't see any way we can currently get back the custom principal without a code change. 

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4215976#4215976
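
An added sketch, not part of the original post and not JBoss code: a self-contained Java model of the four steps described above. The nested types are hypothetical stand-ins (NameOnlyPrincipal for SimplePrincipal, PrincipalOnlyIdentity for CredentialIdentity, Holder for SubjectInfo), and it assumes the holder keeps the Subject it was given.

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

// Model only: the nested types are hypothetical stand-ins, not JBoss classes.
public class CallerPrincipalLossModel {
    // Step 1 stand-in: principal built from the username alone.
    record NameOnlyPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    // Login module's custom principal; "tenant" is a constructed extra attribute.
    record CustomPrincipal(String name, String tenant) implements Principal {
        public String getName() { return name; }
    }
    // Step 4 stand-in: the identity stores a principal and never sees the Subject.
    record PrincipalOnlyIdentity(Principal principal) {}

    // Step 3 stand-in: receives both values but builds the identity from one.
    static final class Holder {
        final Subject subject;
        final PrincipalOnlyIdentity identity;
        Holder(Principal principal, Subject subject) {
            this.subject = subject; // assumption of this model: the holder keeps it
            this.identity = new PrincipalOnlyIdentity(principal);
        }
    }

    // Models the caller-principal lookup: it reads the identity only.
    static Principal callerPrincipal(Holder h) { return h.identity.principal(); }

    // Reads a typed principal straight from the Subject instead.
    static <T extends Principal> T fromSubject(Holder h, Class<T> type) {
        Set<T> found = h.subject.getPrincipals(type);
        return found.isEmpty() ? null : found.iterator().next();
    }

    public static void main(String[] args) {
        Subject subject = new Subject();
        // Constructed sample data standing in for a login module's commit().
        subject.getPrincipals().add(new CustomPrincipal("alice", "tenant-42"));
        Holder h = new Holder(new NameOnlyPrincipal("alice"), subject);

        Principal caller = callerPrincipal(h);
        System.out.println("caller type: " + caller.getClass().getSimpleName());
        System.out.println("is custom:   " + (caller instanceof CustomPrincipal));
        System.out.println("in subject:  " + fromSubject(h, CustomPrincipal.class));
    }
}
```

In application code, this is why a cast of getCallerPrincipal() to the custom type should be guarded with an instanceof check.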
