Hi, I want to implement a secure web application without using the web.xml's security constraints. My servlet can be accessed by authenticated and unauthenticated users. When the login is requested, my servlet receives the username and password from an HTML login page, creates a UsernamePasswordHandler and tries to authenticate that user (username) using programmatic login. If login succeeds, the servlet stores the returned Subject in the user's session and continues its execution. For new requests (after login), the servlet gets the Subject from the session and checks the user (a new LoginContext is created for each request using the Subject). This works well only for the servlet execution. If the servlet tries to access a protected EJB, the sessionContext.getCallerPrincipal returns null. Is there a way to allow that authenticated user to access those protected EJBs?
Any help would be much appreciated! Thanks a lot!

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3841815#3841815
