
Authentication not propagated to EJBs

description

I went with jboss-negotiation (SPNEGO). There is much more to do in terms of configuration, but it works for what I need to do.
Look at http://community.jboss.org/wiki/JBossNegotiation and what they do for this.

comments

bysse wrote Jun 8, 2011 at 7:37 PM

I'm using the NegotiateAuthenticator for authentication in JBoss 6.
After the user has been authenticated and tries to perform an EJB call, the principal isn't propagated. Instead the JAAS login chain is invoked with null username/credentials, which of course doesn't work. That is about as far as I've gotten.

bysse wrote Jun 14, 2011 at 9:32 AM

I've managed to get a bit further by calling the JAAS login chain in a subsequent authenticator valve:

context.getRealm().authenticate(user, password);

When doing SSO you don't have access to the password, so I'm using a secret key as the password and a custom LoginModule that authenticates if the key is used. As far as I know this seems to be the only option.
The first call to an EJB works as expected, but the next call crashes. So I'll have to sort out how to set the principal, userPrincipal and callerPrincipal correctly for this to work.
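
The custom LoginModule bysse describes above, written out as an added example (this is not code from the thread, from jboss-negotiation or from JBoss itself). It accepts a pre-shared secret in place of a password, so a server-side valve that has already validated the SPNEGO token can run the realm's JAAS chain with `context.getRealm().authenticate(user, secret)` and obtain a Subject with the principals JBoss expects. The class name `SharedSecretLoginModule`, the module options `sharedSecret` and `defaultRole`, and the policy name `sso-secret` are assumptions for illustration; `org.jboss.security.SimplePrincipal` and `org.jboss.security.SimpleGroup` are assumed to be on the classpath (they ship with the JBoss security subsystem):

```java
// Added example, not from the original thread. Assumed login-config.xml entry:
//   <application-policy name="sso-secret">
//     <authentication>
//       <login-module code="example.SharedSecretLoginModule" flag="required">
//         <module-option name="sharedSecret">(long random string)</module-option>
//         <module-option name="defaultRole">User</module-option>
//       </login-module>
//     </authentication>
//   </application-policy>
package example;

import java.io.IOException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.jboss.security.SimpleGroup;      // assumed: JBoss security classes on classpath
import org.jboss.security.SimplePrincipal;

public class SharedSecretLoginModule implements LoginModule {
    private static final Charset UTF8 = Charset.forName("UTF-8"); // Java 6 compatible

    private Subject subject;
    private CallbackHandler handler;
    private byte[] sharedSecret;
    private String defaultRole;
    private String userName;
    private boolean succeeded;

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
        String secret = (String) options.get("sharedSecret");
        // The secret is effectively a master credential: refuse to start with a weak one.
        if (secret == null || secret.length() < 32) {
            throw new IllegalArgumentException("sharedSecret option missing or shorter than 32 chars");
        }
        this.sharedSecret = secret.getBytes(UTF8);
        this.defaultRole = (String) options.get("defaultRole");
    }

    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("username");
        PasswordCallback pc = new PasswordCallback("password", false);
        try {
            handler.handle(new Callback[] { nc, pc });
        } catch (IOException e) {
            throw new LoginException(e.toString());
        } catch (UnsupportedCallbackException e) {
            throw new LoginException(e.toString());
        }
        String name = nc.getName();
        char[] pw = pc.getPassword();
        pc.clearPassword();
        // The case from the thread: the chain invoked with null user/credential.
        // Fail explicitly instead of falling through.
        if (name == null || name.length() == 0 || pw == null) {
            throw new FailedLoginException("no username or credential supplied");
        }
        byte[] supplied = new String(pw).getBytes(UTF8);
        // Constant-time comparison so the secret cannot be guessed byte by byte.
        if (!MessageDigest.isEqual(supplied, sharedSecret)) {
            throw new FailedLoginException("credential is not the shared secret");
        }
        userName = name;
        succeeded = true;
        return true;
    }

    public boolean commit() throws LoginException {
        if (!succeeded) {
            return false;
        }
        Principal user = new SimplePrincipal(userName);
        subject.getPrincipals().add(user);
        // JBoss reads the caller's roles from a Group principal named "Roles".
        SimpleGroup roles = new SimpleGroup("Roles");
        if (defaultRole != null) {
            roles.addMember(new SimplePrincipal(defaultRole));
        }
        subject.getPrincipals().add(roles);
        return true;
    }

    public boolean abort() {
        userName = null;
        succeeded = false;
        return true;
    }

    public boolean logout() {
        subject.getPrincipals().clear();
        return true;
    }
}
```

Two caveats a practitioner would want. First, this module authenticates any username presented with the secret, so the `sso-secret` policy must only be reachable from the valve, after the SPNEGO token has been validated; never bind it to a FORM or BASIC login config where a client could supply the secret itself, and keep the secret out of any file readable by application code. Second, the module covers only the JAAS side of the problem: which principal the valve registers on the request, and how that principal reaches the EJB container, is still up to the valve, which is the part the thread leaves unresolved.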

maol wrote Jan 4, 2013 at 10:15 AM

I also have this problem.
In the servlet code, when I do request.getRemoteUser() it is correct, but in an EJB, if I do context.getCallerPrincipal() it returns anonymous :'( .