Accessing the client's principal inside an EJB method

I need to access the client's principal (username) inside an EJB method. I don't want to add it as a parameter. Tried adding them to the Context object like:

prop.put(Context.SECURITY_AUTHENTICATION, "user");
prop.put(Context.SECURITY_CREDENTIALS, "pass");

but trying to access them inside the method like:

@Resource private SessionContext ctx;

public void someMethod() {
    Principal principal = ctx.getCallerPrincipal();
    // returns anonymous
}

still gives me the anonymous user.

Working on WebLogic, any pointers?

Thanks

Remindful answered 2/3, 2010 at 14:21 Comment(0)

Similar issue...I am testing with a client cert along with a custom UserNameMapper. My UserNameMapper returns "steve", but the principal within the EJB was returning "<anonymous>" until I added a "steve" user via the console.

Environment env = new Environment();
env.setInitialContextFactory(Environment.DEFAULT_INITIAL_CONTEXT_FACTORY);
//  env.setSecurityPrincipal("user");
//  env.setSecurityCredentials("pass");
env.setProviderUrl("t3s://localhost:7002");

InputStream key = new PEMInputStream(new FileInputStream(CERT_KEYFILE));
InputStream cert = new PEMInputStream(new FileInputStream(CERT_CERTFILE));
env.setSSLClientCertificate(new InputStream[] {key, cert});
env.setSSLClientKeyPassword(CERT_KEYPASSWORD);

Same issue when using a JAAS client with the UsernamePasswordLoginModule. Fixed by setting the username/password within the InitialContext lookup within the PrivilegedAction. The EJB references the latter as the principal as it can be a different username/password.

Roslyn answered 30/1, 2011 at 4:19 Comment(3)
Steve, could you please explain this line? I will be really thankful to you: "Fixed by setting the username/password within the InitialContext lookup within the PrivilegedAction" - Pretermit
See the example 17-3 onjava.com/pub/a/onjava/excerpt/weblogic_chap17/…. There's an interesting bullet point that says not to provide the user credentials. Been awhile now, but when I tested, I wasn't able to access the principal within the EJB without explicitly supplying them in the InitialContext. So you would add something like the lines I commented out above into the example 17-3. HTH - Roslyn
Thanks, I got it. It is WebLogic-specific code. Actually, I was trying to access an EJB running on Glassfish from a standalone application (from within Eclipse). I have managed to authenticate the client, but that information is not propagated to the EJB. It remains anonymous. Anyway, thank you so much. - Pretermit
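
The approach described in the answer, as an added sketch that is not code from the question, the answer or WebLogic's documentation: the client supplies the credentials in the `InitialContext` environment, and the EJB rejects a caller that is still `<anonymous>`. The bean, its interface, the JNDI name `WhoAmI#WhoAmI` and the `EJB_USER`/`EJB_PASSWORD` environment variables are assumptions; it needs a WebLogic server where that user exists and the WebLogic client classes on the classpath.

```java
// File: WhoAmI.java (hypothetical remote business interface)
import javax.ejb.Remote;
@Remote
public interface WhoAmI {
    String callerName();
}

// File: WhoAmIBean.java (server side, hypothetical bean)
import java.security.Principal;
import javax.annotation.Resource;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless(mappedName = "WhoAmI")
public class WhoAmIBean implements WhoAmI {
    @Resource private SessionContext ctx;
    public String callerName() {
        Principal p = ctx.getCallerPrincipal();
        // Fail closed: per the answer above, an unmapped caller shows up as "<anonymous>".
        if (p == null || "<anonymous>".equals(p.getName())) {
            throw new EJBAccessException("caller is not authenticated");
        }
        return p.getName();
    }
}

// File: Client.java (standalone client)
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;

public class Client {
    public static void main(String[] args) throws Exception {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
        env.put(Context.PROVIDER_URL, "t3s://localhost:7002");
        // SECURITY_PRINCIPAL carries the user name; SECURITY_AUTHENTICATION only names the mechanism.
        env.put(Context.SECURITY_PRINCIPAL, System.getenv("EJB_USER"));       // assumed env vars,
        env.put(Context.SECURITY_CREDENTIALS, System.getenv("EJB_PASSWORD")); // not hard-coded
        Context jndi = new InitialContext(env);
        try {
            WhoAmI bean = (WhoAmI) jndi.lookup("WhoAmI#WhoAmI"); // assumed name: mappedName#interface
            System.out.println("EJB sees caller: " + bean.callerName());
        } finally {
            jndi.close();
        }
    }
}
```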
