Jul 14th, 2009, 06:58 PM
Spring + EJB + JAAS: how to get an Authentication inside EJB?
I've setup a swing client + some SLSBs (using spring 2.5.6 + security 2.0.4) including JAAS authentication (client: ClientLoginModule, server: JBoss 5 LdapLoginModule) with authentication working based on EJB config and JAAS.
Inside the EJB I'm able to get the principle by calling SessionContext.getCallerPrincipal() (even if Subject.getSubject( AccessController.getContext() ) is returning null) but I want to propagate these information to spring's SecurityContext to be able to use it in beans called by the EJB.
- how (if possible) can I pass these information to spring's SecurityContext?
- should I do it the other way round and not using LdapLoginModule but e.g. SecurityContextLoginModule and configure the authentication strategy inside of spring?
Tags for this Thread