These two mechanisms should behave the same provided that the Bill2Realm configuration includes the org.jboss.security.ClientLoginModule. If it does not then you will see the principal=null issue. Using the SecurityAssociation as a public api is not supported and when run with a security manager, will require the assignment of permissions to the application code that will not generally be allowed.
xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ----- Original Message ----- From: "Brian Topping" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, June 15, 2003 9:36 AM Subject: RE: [JBoss-user] JBossSX in a cluster Thanks Scott. I didn't think I'd found a bug, but that I am wasn't configuring something correctly. It turns out that my "client" was running as a servlet. The client login code that is demonstrated in the jboss doco and was in my servlet is overridden by the web container Principal/Credential. Since no login was made there, the principal/credential were null. What was strange about the situation is calls to the EJB container from the web container worked fine so long as the EJB container was under the same JVM. Once the two were split, the calls stopped working. My problem arose because there are EJBs that are both local to the web JVM and in a different machine from it. So it was strange that the calls locally were working and the ones remotely were not. That may be an undocumented feature/bug, but I don't know the semantics of the calls as well as I should to determine that. In the end, I replaced: AppCallbackHandler handler = new AppCallbackHandler("initial", "initial"); LoginContext lc = new LoginContext("Bill2Realm", handler); lc.login(); // lookup, etc. with: AuthenticationManager sm = getSecurityManager(); SimplePrincipal principal = new SimplePrincipal("initial"); if (sm.isValid(principal, "initial")) { if (log.isDebugEnabled()) { log.debug("positive auth from JBoss"); } SecurityAssociation.setPrincipal(principal); SecurityAssociation.setCredential("initial".toCharArray()); } // lookup, etc. I'm not sure if this is a really ugly hack or the right way to be doing this, but it seems to be working okay. If there's a better way to be doing it (I'm also doing this in some app-managed form login code), I'm all ears. Thanks again for your help, Brian ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user