Finally! I've spent 2 weeks trying to get this security with a custom principal working and it finally appears to be working!
That was the break I needed. I did a search and it would appear "CallerPrincipal" is some kind of internal static variable; the clue was here:

anonymous wrote :
> The CallerPrincipal role set consists of the Principal identity assigned to the user in the application domain. It is used by the EJBContext.getCallerPrincipal() method to allow the application domain to map from the operation environment identity to a user identity suitable for the application. If a Subject does not have a CallerPrincipal role set then the application identity is that of the operational environment identity.

see http://www.huihoo.com/jboss/online_manual/3.0/ch09s17.html

So the reason why EJBContext.getCallerPrincipal() was returning the SimplePrincipal (the operational environment identity) that was created by JBossSecurityMgrRealm was because MyLoginModule was not adding the Principal to a Group called "CallerPrincipal".

The solution was to flip the realm back to the JBossSecurityMgrRealm and use my own login module which extends UsernamePasswordLoginModule and returns the identity in a group called caller principal, i.e.

    import java.security.Principal;
    import java.security.acl.Group;
    import javax.security.auth.login.LoginException;
    import org.jboss.security.SimpleGroup;
    import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

    public class MyLoginModule extends UsernamePasswordLoginModule
    {
       private Principal identity;

       public boolean login() throws LoginException
       {
          ...
          identity = new MyPrincipal(username);
          ...
       }

       public Group[] getRoleSets()
       {
          // Publish the custom principal in the "CallerPrincipal" group
          SimpleGroup callerPrincipal = new SimpleGroup("CallerPrincipal");
          callerPrincipal.addMember(identity);

          return new Group[]{ callerPrincipal };
       }
    }

So the Principal created in the LoginModule is not returned by both HttpServletRequest.getUserPrincipal() and EJBContext.getCallerPrincipal().

Thanks for all your help, hope this can help someone else one day.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3950609#3950609
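
The lookup rule quoted from the manual in the post above, modelled as an added example (not part of the original post and not JBoss code; requires Java 16+). `Named`, `RoleGroup` and `resolveCaller` are hypothetical stand-ins built only on JDK classes, and the principal names are constructed sample values. It shows why code that authorizes on the custom principal type silently receives the operational identity when the login module publishes no "CallerPrincipal" group.

```java
import java.security.Principal;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.security.auth.Subject;

public class CallerPrincipalDemo {
    // Hypothetical stand-in for a user principal (MyPrincipal / SimplePrincipal in the post).
    record Named(String kind, String name) implements Principal {
        public String getName() { return name; }
    }

    // Hypothetical stand-in for a group principal: a Principal that holds member Principals.
    static final class RoleGroup implements Principal {
        private final String name;
        final Set<Principal> members = new LinkedHashSet<>();
        RoleGroup(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // Model of the rule in the quoted manual text: prefer the first member of the
    // "CallerPrincipal" group, otherwise fall back to the operational identity.
    static Principal resolveCaller(Subject subject, Principal operationalIdentity) {
        for (Principal p : subject.getPrincipals()) {
            if (p instanceof RoleGroup g && "CallerPrincipal".equals(g.getName())
                    && !g.members.isEmpty()) {
                return g.members.iterator().next();
            }
        }
        return operationalIdentity;
    }

    public static void main(String[] args) {
        Principal operational = new Named("SimplePrincipal", "alice");

        // Login module that only publishes roles: no "CallerPrincipal" group.
        Subject rolesOnly = new Subject();
        RoleGroup roles = new RoleGroup("Roles");
        roles.members.add(new Named("SimplePrincipal", "admin"));
        rolesOnly.getPrincipals().add(roles);

        // Login module as in the post: custom principal inside "CallerPrincipal".
        Subject withCaller = new Subject();
        RoleGroup caller = new RoleGroup("CallerPrincipal");
        caller.members.add(new Named("MyPrincipal", "alice"));
        withCaller.getPrincipals().add(caller);

        System.out.println(resolveCaller(rolesOnly, operational));
        System.out.println(resolveCaller(withCaller, operational));
    }
}
```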
