users@glassfish.java.net

ProgrammaticLogin for stand-alone application

From: <glassfish_at_javadesktop.org>
Date: Tue, 14 Apr 2009 04:03:52 PDT

Hello,

I am fairly new to GF, so please forgive me if this is a stupid question - but I can't seem to find any answer... The situation is as follows:

I have a stand-alone application (RCP based rich client) which needs to authenticate different users using GF. Based on that, programmatic authorisation is used to grant permissions on the server. I want to address all of this using JAAS. So I wrote a custom realm and login module, which seem to work as expected. Authentication is done via a stateful ejb3 session bean (over RMI/IIOP). So far so good, but the problem I encounter is that the login state (security context) doesn't seem to be cached anywhere, it simply gets lost after the login call returns. Subsequent calls to ctx.isCallerInRole() (from within other bean methods) thus fail, and ctx.getCallerPrincipal().getName() only returns 'ANONYMOUS' (I use "@Resource SessionContext ctx).

What am I doing wrong, and what's the common way of addressing this issue?

Thanks
[Message sent by forum member 'gnorph' (gnorph)]

http://forums.java.net/jive/thread.jspa?messageID=341945