[ http://issues.apache.org/jira/browse/GERONIMO-668?page=all ] Aaron Mulder reopened GERONIMO-668: -----------------------------------
I think we need to look at this issue in more detail. I believe the app servers I've used all managed to pick out the "user" principal to return from getCallerPrincipal, and every time I've used it it's been with the intention of identifying the login name of the current user. It seems that most login modules produce both a "user" and at least one "group" principal. We need to be able to figure out which principal class is "primary" and should be returned from getCallerPrincipal. It seems like this could be metadata we associate with the login module or realm. > Unable to determine username from EJB method > -------------------------------------------- > > Key: GERONIMO-668 > URL: http://issues.apache.org/jira/browse/GERONIMO-668 > Project: Geronimo > Type: Bug > Versions: 1.0-M4 > Reporter: Ivan Dubrov > Assignee: David Jencks > Fix For: 1.0-M4, 1.0-M5 > > When calling EJB method from the Web module some important security context > information (username) is lost. It is impossible to determine caller user > name from the EJB method. EJBContext.getCallerPrincipal().getName() returns > something like this: > [org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal: manager] > Note that only group name can be determined from this string or from the > EJBMethod.getCallerPrincipal(). -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
