Are you speaking of EmbeddedTomcat? If so, in the contrib/tomcat
module, there is a RequestInterceptor called
org.jboss.tomcat.security.JbossRealm that will alleviate this problem.
It's difficult to explain in words, but if you study the use-case
diagrams on the JBoss website, it's easier to understand. The basic
idea (I think) is that JAAS expects it's "client" to be in a separate
VM. The code in the server login modules in JBoss that are responsible
for setting the principal that normally gets called during a "login"
never gets called when the client is in the same VM. Study the diagrams
-- I found them infinitely understandable.
++jeff
Khaled Aboudan wrote:
> Hello,
>
>
>
> I wrote LoginModules for JAAS Authentication. Calling secured EJBs
> from a local client works fine. However, calling the same EJBs from a
> Tomcat causes a security exception stating that the principal is null.
>
>
>
> I have seen this discussed in many different threads. But I still have
> not seen any final verdict about the subject. Some people suggested to
> use 'Tomcat Style login Interceptor' ...is this the way to go? Could
> someone explain why this happens?
>
>
>
> Thanks in advance for your help.
>
>
>
> Regards,
>
> Khaled
>
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user