Our application consists of a JAX-RS resource calling a SLSB and a Swing
client in ACC. Communication between client and server is done using HTTP
(HttpUrlConnection). When starting Swing, JAAS asks for username and password
(we enforce this by letting Swing directly invoke some SLSB method instead of
using HTTP). While the application further runs, it invokes some HTTP methods
(unauthenticated, as we have no security restrictions). In the end, the SB
invokes getCallerPrincipal -- which returns "ANONYMOUS". Clearly the
principal is not propagated from ACC to EJB container via JAX-RS. So here
comes the million dollar question: How to tell ACC that it shall forward the
principal in case the Swing client does HTTP calls? If this is not possible,
then here is another question: We could provide a username as part of the
HTTP call manually, but how to turn it into a principal on the SLSB side
then? Thanks! Markus
--
[Message sent by forum member 'mkarg']
View Post: http://forums.java.net/node/889477