[jboss-user] [Security & JAAS/JBoss] - JAAS on remote (standalone) Tomcat with JBoss SEAM - identit

[lbalint]

Good morning,

I use JBoss AS 5.0.1 and separate Apache Tomcat 6.0.18 with the newest version of JBoss Seam - and now the problem:

JBoss Seam uses its own Seam identity - because it's remote EJB calling, I have to use ClientLoginModule to associate principal and credential with tomcat thread ... Can you explain me how is SecurityAssociation propagated to the server side? After seam identity login method calling is LoginContext.login() called to (ClientLoginModule)
On the server side is all protected by security domain with non-null unauthenticated prinicpal (anonymous) ... after my first seam login is all set correctly, but after my second login will the right identity missing and authentication is set to anonymous prinicipal even if SecurityAssociation on client side corresponds with a valid user. Very strange behavior. JBoss seam doesn't work correctly with LoginContext - this context should be called in seam identity logout too (it's a bug)

Thanks for your answers and ideas

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4228512#4228512

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4228512