[jboss-user] [Security] - Re: Authentication succeeded, getCallerPrincipal()=anonymous

zour do-not-reply at jboss.com
Thu Oct 29 11:23:31 EDT 2009

> How does your client access your secured app?

FarmerBeanRemote farmerBean = UserSession.getInstance(getShell().getDisplay()).getMasterDataServices().locateFarmerBean();
  | try {
  | 	farmerBean.setAnything(this.actor, id);
  | } catch (Exception ex) {
  | 	throw new RuntimeException(ex);
  | }

Obtaining of RAP client's user session:
public static UserSession getInstance(Display display) {
  | 	return SessionAccessRunner.getUserSession(display);
  | }

Bean lookup:

public FarmerBeanRemote locateFarmerBean() {
  | try {
  | 	Object objRef = getInitialContext().lookup(FARMER_BEAN);
  | 	return (FarmerBeanRemote) PortableRemoteObject.narrow(objRef, FarmerBeanRemote.class);
  | } catch (Exception ex) {
  | 	throw new RuntimeException("Failed to lookup FarmerBean: " + ex.getMessage(), ex);
  | 	}
  | }

The lookup does work, as well as using methods from that bean. 
Yet the injected SessionContext isn't aware of the login process.

> Is it a standalone application client

It is a RAP-Client (Rich Ajax Platform) deployed to JBoss. Practically it's running inside a JVM on the server. But any UI elements are rendered in an internet browser (using qooxdoo Javascript-Engine). It's RCP for the web browser.

> Is some servlet/website/web service called?

As far as I understand, a component called ServletBridge does this:
Hooks back into the servlet bridge and proxies requests through to the servlet container to provide an OSGi Http Service."

> How does the client log in? 

Via a webpage (login.html) before the RAP-Application starts, see web.xml above.

Maybe this isn't all about JBoss Security, but has something to do with how RAP handles requests, as I found here:

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4263004#4263004

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4263004

More information about the jboss-user mailing list