I did a few more tests and I think I can try to define my configuration and question a little better:
- I have one JAAS security domain using, for example, the LDAP login module and nothing else (not ClientLoginModule or anything like that; the SecurityAssociationValve is the one taking care of propagating the credentials).
- Both the EJBs and the servlet are configured to use this JAAS security domain.
- The servlet is also configured to use BASIC authentication.
- Somehow, the first time I access the servlet, I give my user name and password, and someone (not sure who at this point) is calling the security domain JAAS login modules to do the authentication. I suppose that this same "someone" is adding the principal to the security domain credential cache.
- Then the SecurityAssociationValve is called and makes sure that the authenticated principal is associated with the current security context.
- When calling an EJB, credentials in the security context are found and authentication is not performed again as the principal is found in the domain credential cache.

If this is the way it is actually working, I will first be curious to know who is the "someone" calling the JAAS module (so I can look at the code and understand better)?

If I replace the LDAP login module with my custom login module, I can create a custom principal and have it returned by EJBContext.getCallerPrincipal, but I have two problems:

1) This custom principal is not the one returned by HttpServletRequest.getUserPrincipal and I am not sure why.
2) This principal is not the one used as the key of the security domain cache (and it is this one that I want to change under the cover to make it unique even if user name and password are the same).

Thomas

View the original post: http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3878259#3878259

JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user