On Apr 6, 2009, at 4:03 AM, dojolava wrote:
The main problem really might be that due to the fact that OpenEJB
does not
return the UserPrincipal on getCallerPrincipal(), it is not possible
to
determine the callers identity...
The code that selects the caller identity was purposely not tied
directly to the UserPrincipal object used by the
PropertiesLoginModule. The primary reason was to ensure that other
LoginModule implementations can be used -- say like in Tomcat where
the Tomcat security realm code is used instead. But, definitely it is
unoptimal to have getCallerPrincipal not be predictable when using one
of the JAAS LoginModules we provide.
To get around this and to hopefully provide a painless way for third-
party login modules to better support getCallerPrincipal I added a new
@CallerPrincipal annotation which can be used by JAAS login modules to
flag a specific principal as the one that should be used. Here's the
JIRA:
https://issues.apache.org/jira/browse/OPENEJB-1015
So this should be fixed now. I've uploaded new snapshots you can try
out:
http://repository.apache.org/snapshots/org/apache/openejb/openejb-standalone/3.1.1-SNAPSHOT/openejb-standalone-3.1.1-20090407.001236-1.zip
http://repository.apache.org/snapshots/org/apache/openejb/openejb-tomcat-webapp/3.1.1-SNAPSHOT/openejb-tomcat-webapp-3.1.1-20090407.001236-1.war
Let us know if this works how you'd like.
-David
