On Sep 8, 2008, at 6:13 AM, Luis F. Planella Gonzalez wrote:
The tomcat realm is a JAASRealm with a login module that always
validates
the user and grants the 'user' role.
After a successful login, on the servlet, an EJBAccessException is
always
thrown, and the weird part is that the tomcat realm (as seen on
request.isUserInRole('user')) is using the login information
correcly, but
the EJB is not. That's why I've reported
http://issues.apache.org/jira/browse/OPENEJB-902 another issue
where I said
that the TomcatSecurityService should delegate the isCallerInRole() to
realm.hasRole(), but, as
http://www.nabble.com/Re%3A-TomcatSecurityService-p19125345.html
stated
previously by Dain , this is done under the hood by the JACC
implementation.
Hi Luis,
Looking at Dain's response it seems like the ejb isCallerInRole
ultimate does delegate to
user.getRealm().hasRole(user.getTomcatPrincipal(), logicalRole) to
determine if a user has a role. Looking at your reply it wasn't clear
to me if you tried the example Dain made. Where you able to get that
to work? That would help us determine where the issue might be.
-David
