[jboss-user] [Security] - Authentication succeeded, getCallerPrincipal()=anonymous
zour
do-not-reply at jboss.com
Tue Oct 27 06:15:27 EDT 2009
I'm using JBoss 5.1.0, a J2EE application, the frontend is a RAP application
deployed in an OSGi container (Equinox). All runs fine besides the login.
Though authentication is successful, I always get the default identity
anonymous from an EJB. Login does work properly, since if I enter a
wrong password I get redirected to the according web page.

    @SecurityDomain("myapplication")
    @Stateless(name = UserBean.EJBNAME)
    public class UserBean implements UserBeanRemote, UserBeanLocal {

        public static final String EJBNAME = "UserBean";

        @Resource()
        private transient SessionContext session;

        @Override
        public void testSession() {
            // Print the caller identity as seen inside the EJB container
            String name = this.session.getCallerPrincipal().getName();
            System.out.println("Principal: " + name);
        }
    }

The principal's name is always 'anonymous' (the default).
The custom login module is being used in other J2EE applications without
such problems. Snippet from login-config.xml:

    <application-policy name="myapplication">
      <authentication>
        <login-module code="com.mypackage.ejb.jaas.AuthenticatorLoginModule" flag="required">
          <module-option name="authenticatorJndiName">MyApplication/AuthorizationBean/local</module-option>
        </login-module>

        <login-module code="org.jboss.security.ClientLoginModule" flag="required" />
      </authentication>
    </application-policy>

web.xml:

    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/login_failed.html</form-error-page>
      </form-login-config>
    </login-config>

jboss-web.xml:

    <jboss-web>
      <security-domain>java:/jaas/myapplication</security-domain>
    </jboss-web>

jbossweb.sar/context.xml:

    <Context cookies="true" crossContext="true">
      <Manager pathname="" />
      <InstanceListener>org.jboss.web.tomcat.security.RunAsListener</InstanceListener>
      <Valve className="org.apache.catalina.authenticator.FormAuthenticator" characterEncoding="UTF-8" />
    </Context>

I don't know if this is a bug or I'm just missing some configuration.
A Realm perhaps? Would this work: http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#JAASRealm
I have another working authorization configuration with JAAS and Seam,
but this doesn't require any Realms at all.
Could you please give me a hint?
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262350#4262350