[jboss-user] [EJB 3.0] - Security principal propagation accross ejb3 modules

Davide Tabarelli do-not-reply at jboss.com
Tue May 25 10:55:33 EDT 2010

Davide Tabarelli [http://community.jboss.org/people/giantPM] replied to the discussion

"Security principal propagation accross ejb3 modules"

To view the discussion, visit: http://community.jboss.org/message/544697#544697

No one is answering me ... maybe my question is too newbie/stupid or ill-posed ??

I suppose the last (ill-posed) and therefore I try to explain it again better.

As far as I know, credential/principal has to be propagated within ejb modules in the same JVM/JBoss instance, but it seems this doesn't happen in my system (JBoss 5.1.0 GA).

The situation:
- Two EJB modules in an EAR. Same security realm.
- A client (web or standalone ... doesn't matter) calls a method A inside a session bean in EJB A. 
- The client is authenticated as Principal="SomeOne", Role="MyRole".
- The method requires role "MyRole" by means of @RolesAllowed("MyRole")
- The method A in turns calls a method B, that is inside another session bean in EJB B.
- Also the method B is marked with @RolesAllowed("MyRole").
- Resulting exception: "javax.ejb.EJBAccessException: Caller unauthorized"

Looking into the logs (TRACE level) it points out that:
1) The call to the method A is succerssfully authenticated (Principal="SomeOne", Role="MyRole").
2) The principal/credentials get lost in the subsequent call to method B (Principal=anonymous).

Someone faced this issue before?

Thanking you in advance.



Reply to this message by going to Community

Start a new discussion in EJB 3.0 at Community

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20100525/16b442c8/attachment.html 

More information about the jboss-user mailing list