Hi,
I am using CAS with JBoss 4.2.
I've noticed CAS works great with Servlet/JSP: within a Servlet/JSP,
request.getUserPrincipal() retrieves the correct user details such as username.
However, if my Servlet invokes a local EJB, it seems that user details aren't
propagated into the EJB. Example:

// Servlet invoking a local EJB:
class MyServlet extends HttpServlet {
    public void doGet(...) {
        Context ctx = new InitialContext();
        MyEjb ejb = (MyEjb) ctx.lookup("java:comp/env/myEbj");
        int result = ejb.calculatePrice(...);
        ...
    }
}

// And the EJB (local session bean, EJB 3):
@Stateless
@Local(...)
@RolesAllowed({"Secretary"})
class MyEjb {
    public int calculatePrice(...)...
}

As I mentioned, *MyServlet* sees the correct userPrincipal, but *MyEjb* sees a
'null' user within its ejb context.
As a result, declarative EJB security doesn't work either (for example, my
@RolesAllowed annotation).
I have seen similar questions in the past, but couldn't find definite replies.
Would anyone happen to know whether there's any ready-made solution for this,
especially for JBoss (either by Yale, JASIG, or independent extensions)?
To the best of my knowledge this requires some container-specific code (e.g.
different code for JBoss / Glassfish etc., not just standard Servlet Filters).
Thanks very much.