Hello, I am experiencing some strange security behaviour during the first call to a session bean after logging in (using form based authentication and the database login module).
When I am trying to access a secured web resource I am presented with the login page and log in. After this I am directed to the originally requested web resource (Struts action). So the web container agrees that the logged in user has the correct roles for access to this resource.

Now I make a call from this action to a stateless session bean which looks up the name of the logged in user to do some processing (using SessionContext.getCallerPrincipal().getName()). I was very surprised that it returned "anonymous"! Anonymous is indeed the identity that I configured for unauthenticated users, but this user has already logged in, therefore his identity should be known. Now when I call this method again, it DOES return the correct user identity "erwin" in this test case???

Could you explain whether this could be a bug or what I could be doing wrong, because as far as I know the EJB container should return me the correct identity in both cases!?

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3857730#3857730