"tthiele" wrote : hmmm... I think there is this missing in your application-policy as the last login-module: | | <login-module | code = "org.jboss.security.ClientLoginModule" | flag = "required"> | </login-module> |
Using JBAS 4.0.1sp1 Just for the record, that also solves the problem for those of us who were getting an "anonymous" Principal from the SessionContext (EJBContext). The Principal and Credential were just not propagated between the servlet container and the EJB container when using the standard JNDI InitialContext setup such as: | ... | properties.put(Context.SECURITY_PRINCIPAL, principal); | properties.put(Context.SECURITY_CREDENTIALS, credential); | ... | When adding the org.jboss.security.ClientLoginModule after our custom login module, the Principal and Credential are properly propagated. I find this, once again, a typical JBoss way of doing things, quit disturbing however, as I found nowhere reference to this in the JBoss docs (and I wonder if the J2EE specs are really OK with this, but I didn't find anything so far that said they were not). Cheers, --- "Optimists are just misinformed pessimists." View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3873430#3873430 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3873430 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
