[jboss-user] [Security] - Re: Caller unauthorized on using a ejb3 statetlesssessionbea

Wolfgang Knauf do-not-reply at jboss.com
Tue Oct 13 05:50:39 EDT 2009

Hi Michael,

I hope that I am not too annoying by insisting on the use of "WebAuthentication", but I still think that your use case should basically work with it. I am not sure whether the problems result from usage of it in the Struts2 action or whether they are a matter of some other error.

First of all: to get the servlet request inside your Action, implement the interface "org.apache.struts2.interceptor.ServletRequestAware" instead of calling "ServletActionContext.getRequest()". Maybe the latter creates new request instance where the login information is missing.

To test the login stuff, I would advice you to create a complete new web client for your app without struts, and use a plain servlet to perform a login in "doGet" or "doPost". If this works, then you know that your login module is OK and you can continue with your "real" app.

Your concerns about "j_security_check" and form based login: take a look at this link: http://roneiv.wordpress.com/2008/03/15/using-webauthentication-in-jboss/ . Though it is for JSF, it shows how to use a login form with a custom login servlet.

Hope this helps


View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4260033#4260033

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4260033

More information about the jboss-user mailing list