Hi *,
I have a simple problem:
I have the requirement to run code by means of a specific user. This
has to work with all aspects, as the code I then have to invoke as that
specific user depends on code like 'EJBContext.getCallerPrincipal' to
return the currently running user (the one I "sudo" to).
For a test I just made up two EJBs, "BeanA" calling "BeanB", but before
that I do something like this:
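    import java.security.Principal;
    import java.util.HashSet;
    import java.util.Set;
    import javax.security.auth.Subject;
    import javax.security.auth.login.LoginContext;

    // PasswordCredential comes from the application server, not the JDK.
    Set<Object> credsPrivate = new HashSet<Object>();
    PasswordCredential pwd = new PasswordCredential(
            user,
            passwd.toCharArray(),
            "myCustomJDBCRealm");
    credsPrivate.add(pwd);
    // Writable Subject: no principals or public credentials yet,
    // only the private password credential.
    final Subject s = new Subject(false,
            new HashSet<Principal>(),
            new HashSet<Object>(),
            credsPrivate);
    // Authenticate against the "myCustomJDBCRealm" JAAS configuration entry.
    LoginContext lc = new LoginContext("myCustomJDBCRealm", s);
    lc.login();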
The problem is that this works pretty well, but when entering
"BeanB", getCallerPrincipal always returns "ANONYMOUS", although it is in
the same thread.
Here is some log output:
    FINE: Login module initialized: class com.something.security.realm.CustomJDBCLoginModule
    FINEST: JDBC login succeeded for: bob groups:[Test Group]
    FINE: JAAS login complete.
    FINE: JAAS authentication committed.
    INFO: Called BeanB with 'ANONYMOUS'...
    FINE: JAAS logout for: Subject:
        Principal: bob
        Principal: Test Group
        Principal: com.something.security.impl.IdentityPrincipalImpl@c2e62fba
        Private Credential: Realm=myCustomJDBCRealm Username=bob Password=######## TargetName =
So I would like to know if there is a way to accomplish that.
Please help.
Cheers,
kane