How to propagate JAAS principal using HTTP from within ACC?
Our application consists of a JAX-RS resource calling a SLSB and a Swing client in ACC. Communication between client and server is done using HTTP (HttpURLConnection). When starting Swing, JAAS asks for username and password (we enforce this by letting Swing directly invoke some SLSB method instead of using HTTP). While the application further runs, it invokes some HTTP methods (unauthenticated, as we have no security restrictions).
In the end, the SB invokes getCallerPrincipal -- which returns "ANONYMOUS". Clearly the principal is not propagated from ACC to EJB container via JAX-RS.
So here comes the million dollar question: How to tell ACC that it shall forward the principal in case the Swing client does HTTP calls? If this is not possible, then here is another question: We could provide a username as part of the HTTP call manually, but how to turn it into a principal on the SLSB side then?