geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kistler <>
Subject Trouble obtaining JaaS login context from within EJB
Date Fri, 19 Jun 2009 13:44:36 GMT


I'm currently developing an Enterprise application which Comprises of a
servlet and ejb for Geronimo 2.1 and I have secured the Ejb with a Security
Realm configured to authenticate against a SQLLoginModule.  I'm confident
that this is authenticating correctly as I have done negative and positive

I'm testing my ejb my connecting to it from a servlet as follows:

		CallbackHandler handler = new UserIdPasswordCallbackHandler(user,
		LoginContext ctx = new LoginContext("SecurityRealm",handler);

This succeeds when supplied the correct credentials and throws exceptions
with invalid credentials.

I obtain a reference to the remote interface as follows:

Properties prop=new Properties();
			prop.put("java.naming.provider.url", "ejbd://localhost:4201");
			Context context = new InitialContext(prop);

Object o = context.lookup("SessionManagerBeanRemote");
SessionManagerRemote remote = (SessionManagerRemote)o;

This works correctly as I am able to call my remote ejb methods!

Now - the piece I am missing is I need to be able to obtain the current
Subject that was authenticated.  ie - I need to know the identity of the
user that has been authenticated to use this ejb and is invoking it.  So if
joe was authenticated to use the SessionManager - I need to be able to
obtain joe's login name.

I believe if I was within a web container I'd be able to use the equivalent
of:  HttpServletRequest.getUserPrincipal() ...  Can someone point me to a
reference, decently documented example or something that will tell me what
API I need to use?  I'm happy to do some reading but I've looked around
quite a bit and I think I might be missing something...  There doesn't seem
to be a clear reference to this is the standard geronimo documentation -
only some lite discussion for web containers.

Thanks in advance!
View this message in context:
Sent from the Apache Geronimo - Users mailing list archive at

View raw message