Hello, everybody.

Here is what I ran across. JaasSecurityManager expects the Credential
object from the SecurityAssociation to be assignable to a char[], while
the JbossRealm Tomcat interceptor sets the Credential object to be a String,
which is the password from the Tomcat session. This causes problems when
EJB requests are coming from the web tier into a JAAS-secured container.

I checked my mods and they fix the problem that I was experiencing. I was
not sure if I should go ahead and fix it myself in the CVS, so I am
posting this. Instead of JbossRealm.java:35

SecurityAssociation.setCredential(passwd);

it should be something like:

SecurityAssociation.setCredential((passwd == null) ? null : passwd.toCharArray());

Anatoly Akkerman.
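
The mismatch described above, as an added example that is not part of the original post and is not JBoss code: a JAAS callback handler that receives the credential as an Object and normalizes it to char[] before handing it to PasswordCallback. The names CredentialDemo, toPasswordChars and handlerFor are hypothetical; only the standard javax.security.auth.callback classes are used, and the sample credentials are constructed.

```java
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

// Added illustration; CredentialDemo is a hypothetical stand-in, not a JBoss class.
public class CredentialDemo {

    // Accept either credential form a caller may have stored and return a char[] copy.
    static char[] toPasswordChars(Object credential) {
        if (credential == null) return null;
        if (credential instanceof char[]) return ((char[]) credential).clone();
        if (credential instanceof String) return ((String) credential).toCharArray();
        throw new IllegalArgumentException(
            "Unsupported credential type: " + credential.getClass().getName());
    }

    // Handler of the kind a JAAS LoginModule calls to obtain the name and password.
    static CallbackHandler handlerFor(final String name, final Object credential) {
        return new CallbackHandler() {
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(name);
                    } else if (cb instanceof PasswordCallback) {
                        // A blind (char[]) cast here would throw ClassCastException
                        // when the web tier stored the password as a String.
                        char[] pw = toPasswordChars(credential);
                        ((PasswordCallback) cb).setPassword(pw); // keeps its own copy
                        if (pw != null) Arrays.fill(pw, '\0');   // wipe the temporary
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
    }

    public static void main(String[] args) throws Exception {
        Object[] samples = { "secret", "secret".toCharArray(), null }; // constructed inputs
        for (Object c : samples) {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            handlerFor("alice", c).handle(new Callback[] { nc, pc });
            char[] got = pc.getPassword();
            System.out.println(nc.getName() + " -> " + (got == null ? "null" : "char[" + got.length + "]"));
        }
    }
}
```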

