On Sun, 10 Feb 2003, Peter Kelley wrote:
> Date: 10 Feb 2003 17:22:53 +1100 > From: Peter Kelley <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: Tomcat Users List <[EMAIL PROTECTED]> > Subject: Re: Valve Access to Principal > > OK I'm still not sure we are talking on the same page so please bear > with me whilst I attempt to restate what is happening. > > Tomcat 4.1.18 running in JDK 1.4 > JBoss 3.0.3 running in JDK 1.3 > > Tomcat is running standalone in a seperate JVM to JBoss. > Both Tomcat and JBoss are running on the same machine (although this > configuration means that they could be running on seperate machines). > > Tomcat is running the JAAS login module and running a web application > that is making standard RMI calls to EJB's that are running on the JBoss > server. > You seem to be assuming that Tomcat knows how to propogate the security identity. It does not -- standalone Tomcat doesn't store Subjects or Principals on a per-thread basis at all (it only caches them in the session if there is one), and doesn't support propogation of security identity across JVMs under any circumstances. Any such features in the JBoss+Tomcat integration were implemented by JBoss folks, so you need to ask them for help in understanding what is going wrong in your scenario. Craig --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
