Oleg,
Another insight.
Just to keep myself from going mad I like to believe that I know
what I am doing. As it turns out I just succeeded in proving myself
wrong.
To start with, I noticed some perculiar behaviour in matching up the
login context name with the section name in the auth.conf
I would only have a (partially) working solution if I actually
had a situation where I issued new loginContext("Companion", handler)
and had the following auth.conf
companion
{
org.companion.security.ClientLoginModule required multi-threaded="true";
}
other
{
org.jboss.security.ClientLoginModule required;
}
The carefull reader will notice that although I thought that I was
using "org.companion.security.ClientLoginModule", in fact I am
using "org.jboss.security.ClientLoginModule". As we all know
the latter one instantiates.... SimplePrincipal :-)
So the SimplePrincipal I see in the entity bean must be orginating
SimplePrincipal from the ClientLogin.
What still has to be explained is this:
How is it possible that I get a CompanionPrincipal returned in my
Session bean? I will do that right now.
Another insight:
I have to put this in JBoss.xml
<entity>
<ejb-name>Business</ejb-name>
<jndi-name>Business</jndi-name>
<configuration-name>Authorized BMP EntityBean</configuration-name>
</entity>
instead of
<entity>
<ejb-name>Business</ejb-name>
<jndi-name>Business</jndi-name>
<configuration-name>Standard BMP EntityBean</configuration-name>
</entity>
I admit it. I deserve a good spanking for this. Consuming costly time,
bandwidth and many other resources of all those who have contributed
in this topic.
For what it's worth:
Oleg, Scott and John I want to thank you all for being patient with me.
And Oleg you were ever so right it does work!!!
Regards,
Cor.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Oleg Nitz
Sent: Tuesday, February 27, 2001 16:08
To: JBoss-User
Subject: Re: [jBoss-User] Problems with Principal class propagation
Cor Hofman wrote:
> Oleg,
> Since I am in the process of understanding about good and wrong
> here, I did the following:
> * As I described with the ClientLogin.
> I aggree with you that I would not need it there.
> * In the Serverlogin I do the following in the commit() method
> Set principals = _subject.getPrincipals();
> principals.add = new CompanionPrincipal(orgpin, user,
> groupid);
> Effectively adding my own Principal to the subject.
> As I said I aggree that I could probably do without the CompanionPrincipal
> in the ClientLogin. Other then that I get the impression that I am
> doing what you are suggesting. Does this shed a little more light on
> the situation?
No, vice versa :-(
On the server side you are doing the same as I do, but for me it works
and for you it doesn't :-(
I cannot help you while I am not able to reproduce the bug.
But there is one more difference: your client login module is
multithreaded, while my is not.
What is really amazing in your situation is that SimplePrincipal is
instantiated *only* in org.jboss.security.ClientLoginModule,
you say that you haven't it in your client JAAS configuration,
but getCallerPrincipal() returns SimplePrincipal instance on
the server.
How can it be? One more insight, please :-)
Oleg
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
List Help?: [EMAIL PROTECTED]
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
List Help?: [EMAIL PROTECTED]
