
I am working on a web project which contains EJB components and is deployed in JBoss EAP 7.0.7. Some of the EJBs are called from a standalone client application.

The problem is although the authentication seems to work fine, the principal is not propagated to the EJB layer, so when I call sessionContext.getCallerPrincipal().getName(), it just returns "anonymous".

It seems that my configuration works fine. I set up a security domain in my standalone.xml and jboss-web.xml, then I annotated my EJBs to use the configured security domain.

When I call the EJB from within the web app, it works perfectly fine. The principal is propagated and set to the logged-in user (I used the HttpServletRequest.login API).

So how would I propagate the principal to the EJB layer just as it is propagated using HttpServletRequest.login? Is there any API similar to the one I mentioned that I can implement in a standalone app? I've been searching for some time now, but nothing worked for me so far. Hope someone can help me. Thanks!

  • These links might be useful for your case: https://stackoverflow.com/questions/10629756/how-to-manually-set-propagate-security-context-information-e-g-principal-for-jb?noredirect=1&lq=1 https://stackoverflow.com/questions/12213734/how-to-propagate-jaas-subject-when-calling-a-remote-ejb-rmi-over-iiop-from-a-p – Alex Mi Sep 29 '17 at 12:08
  • Thanks, but that did not work for me. Instead I figured out that the default-security-domain in my standalone.xml needs to reference my custom security domain. Now it gives me the correct principal! I have another issue though: part of my code needs to call Security.doAs(subject, PrivilegedAction). I was able to authenticate using LoginContext to switch principal, but then when the EJB is looked up inside my PrivilegedAction.run method, the principal is still set to the original user I used to log in to my web app. – heisenseiberg Oct 03 '17 at 01:19
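
An added example, not code from the question or from any answer, of the client-side half of the setup discussed above: a standalone EAP 7.0 client binds the caller's credentials to the remoting connection when the InitialContext is created, and that connection identity is what the bean's getCallerPrincipal() reports once the ejb3 subsystem's default-security-domain maps it into the bean's security domain. The host, port, deployment names and the GreeterRemote interface are assumed placeholders.

```java
import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

/* Hypothetical remote business interface of the deployed bean (assumed name). */
interface GreeterRemote {
    String whoAmI(); // bean returns sessionContext.getCallerPrincipal().getName()
}

public class StandaloneEjbClient {

    /**
     * Builds an InitialContext whose remoting connection is authenticated as
     * the given user. The EJB container derives the caller principal from this
     * connection, not from any client-side Subject/LoginContext.
     */
    static Context createAuthenticatedContext(String host, int port,
                                              String user, String password)
            throws NamingException {
        Properties props = new Properties();
        props.put(Context.INITIAL_CONTEXT_FACTORY,
                  "org.jboss.naming.remote.client.InitialContextFactory");
        props.put(Context.PROVIDER_URL, "http-remoting://" + host + ":" + port);
        props.put(Context.SECURITY_PRINCIPAL, user);       // identity sent during
        props.put(Context.SECURITY_CREDENTIALS, password); // connection setup
        props.put("jboss.naming.client.ejb.context", true);
        return new InitialContext(props);
    }

    public static void main(String[] args) throws Exception {
        // app/module/bean names are placeholders for the real deployment
        String jndiName = "myapp/myejb/GreeterBean!" + GreeterRemote.class.getName();
        Context ctx = createAuthenticatedContext("localhost", 8080, "alice", "secret");
        try {
            GreeterRemote greeter = (GreeterRemote) ctx.lookup(jndiName);
            String caller = greeter.whoAmI();
            // "alice" when the connection identity is mapped into the bean's
            // security domain; "anonymous" indicates the mapping is missing.
            System.out.println("EJB sees caller: " + caller);
        } finally {
            ctx.close(); // closing the context closes the authenticated connection
        }
    }
}
```

Because the identity is fixed per connection in this client, wrapping the lookup in a client-side Subject.doAs does not change what the bean sees; acting as a different user means creating a separate context with that user's credentials.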

0 Answers