Hi everybody,

I've developed an EJB3.0 application; now I want to add security using JAAS.

The client is a rich Delphi application that communicates with the server via HTTP 
through a servlet. This servlet has this JAAS login code:

        loginContext = new LoginContext("GTSPDB", new MyCallbackHandler(user, password));
        loginContext.login();

where user and password come in the HTTP request. The user authentication works 
fine, but when I call the SessionContext getCallerPrincipal in the session bean 
an error is raised:

12:31:11,304 TRACE [SecurityAssociation] getCallerPrincipal, principal=null
12:31:11,320 ERROR [STDERR] java.lang.IllegalStateException: No valid security context for the caller identity

I've declared the security context in login-config.xml

    <application-policy name = "GTSPDB">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
          <module-option name="dsJndiName">java:/MySqlHibernate</module-option>
          <module-option name="principalsQuery">SELECT password FROM user WHERE name=?</module-option>
          <module-option name="rolesQuery">SELECT rolename,'Roles' FROM userrole WHERE userrole.username=?</module-option>
        </login-module>
      </authentication>
    </application-policy>

and the tables in the database are populated with this user and role data.

I've read the "JAAS Howto: README FIRST" but I haven't found a solution.

Why is the Principal not propagated to the session bean if login works? What am I doing 
wrong? Am I missing something?

Thanks in advance for your help.

pedro. 

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4080248#4080248
