We currently don't have it. At Rutgers we don't use EJBs so we haven't encountered this. If someone's willing to assist, we'd be happy to add this to the Jasig client.
-Scott On Sun, Feb 22, 2009 at 11:39 AM, sol myr <[email protected]> wrote: > Hi, > > I am using CAS with JBoss 4.2. > > I've noticed CAS works great with Servlet/JSP: withing a Servlet/JSP, > request.getUserPrincipal() retrieves the correct user details such as > username. > > However, if my Servlet invokes a local EJB, it seems that user details > aren't propagated into the EJB. Example: > > // Servlet invoking a local EJB: > class MyServlet extends HttpServlet{ > public void doGet(...){ > Context ctx=new InitialContext(); > MyEjb ejb=(MyEjb) ctx.lookup("java:comp/env/myEbj"); > int result=ejb.calculatePrice(...); > ... > > // And the EJB (local session bean, ejb 3): > @Stateless > @Local(...) > @RolesAllowed({"Secretary"}) > class MyEjb{ > public int calculatePrice(...)... > } > > As I mentioned, *MyServlet* sees the correct userPrincipal, but *MyEjb* > sees a 'null' user within its ejb context. > As a result, declarative EJB security doesn't work either (for example, my > @RolesAllowed annotation). > > I have seen similar questions in the past, but couldn't find definite > replies. > Would anyone happen to know whether there's any ready-made solution for > this, especially for JBoss (either by Yale, JASIG, or independent > extentions)? > To the best of my knowledge this requires some container-specific code > (e.g. different code to JBoss / Glassfish etc, not just standard Servlet > Filters). > > Thanks very much. > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
