How to propagate JAAS principal using HTTP from within ACC?

mkarg
Joined: 2007-12-09

Our application consists of a JAX-RS resource calling a SLSB and a Swing client in ACC. Communication between client and server is done using HTTP (HttpURLConnection). When starting Swing, JAAS asks for username and password (we enforce this by letting Swing directly invoke some SLSB method instead of using HTTP). While the application further runs, it invokes some HTTP methods (unauthenticated, as we have no security restrictions).

In the end, the SB invokes getCallerPrincipal -- which returns "ANONYMOUS". Clearly the principal is not propagated from ACC to EJB container via JAX-RS.

So here comes the million dollar question: How to tell ACC that it shall forward the principal in case the Swing client does HTTP calls? If this is not possible, then here is another question: We could provide a username as part of the HTTP call manually, but how to turn it into a principal on the SLSB side then?

Thanks!
Markus

Kumar Jayanti Guest
Joined: 2011-04-02

By ACC did you mean the Appclient Container? If you have a seq diagram, that will help.
On Aug 23, 2012, at 3:02 PM, forums@java.net wrote:

> Our application consists of a JAX-RS resource calling a SLSB and a Swing
> client in ACC. Communication between client and server is done using HTTP
> (HttpURLConnection). When starting Swing, JAAS asks for username and password
> (we enforce this by letting Swing directly invoke some SLSB method instead of
> using HTTP). While the application further runs, it invokes some HTTP methods
> (unauthenticated, as we have no security restrictions). In the end, the SB
> invokes getCallerPrincipal -- which returns "ANONYMOUS". Clearly the
> principal is not propagated from ACC to EJB container via JAX-RS. So here
> comes the million dollar question: How to tell ACC that it shall forward the
> principal in case the Swing client does HTTP calls? If this is not possible,
> then here is another question: We could provide a username as part of the
> HTTP call manually, but how to turn it into a principal on the SLSB side
> then? Thanks! Markus

mkarg
Joined: 2007-12-09

Yes, ACC means Application Client Container. Anyway, I meanwhile got it to work. The sole trick was simply to define a in web.xml and to set an Authenticator in the client. Then it worked.

But I wonder why the ACC does not set the authenticator on its own?
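
An added example, not code from the posts above: one way to set a `java.net.Authenticator` for `HttpURLConnection` calls so that the credentials are released only to the intended server over HTTPS and never to a proxy or another host. The host name, user name and password are constructed, and it assumes the server answers unauthenticated requests with an HTTP authentication challenge; `main` exercises the decision offline through `Authenticator.requestPasswordAuthentication`.

```java
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.net.URI;
import java.net.URL;

public class ScopedAuthenticatorExample {

    /** Answers HTTP authentication challenges for exactly one trusted server. */
    static final class ScopedAuthenticator extends Authenticator {
        private final String trustedHost;
        private final String user;
        private final char[] password;

        ScopedAuthenticator(String trustedHost, String user, char[] password) {
            this.trustedHost = trustedHost;
            this.user = user;
            this.password = password.clone();
        }

        @Override
        protected PasswordAuthentication getPasswordAuthentication() {
            // Returning null means "send no credentials" for this challenge.
            if (getRequestorType() != RequestorType.SERVER) return null;       // never answer proxies
            if (!trustedHost.equalsIgnoreCase(getRequestingHost())) return null; // never answer other hosts
            URL url = getRequestingURL();
            if (url == null || !"https".equalsIgnoreCase(url.getProtocol())) return null; // TLS only
            return new PasswordAuthentication(user, password);
        }
    }

    /** Asks the installed default Authenticator what it would send for the given URL. */
    static PasswordAuthentication challenge(String spec) throws Exception {
        URL url = URI.create(spec).toURL();
        int port = url.getPort() != -1 ? url.getPort() : url.getDefaultPort();
        return Authenticator.requestPasswordAuthentication(url.getHost(), null, port,
                url.getProtocol(), "constructed-realm", "basic", url,
                Authenticator.RequestorType.SERVER);
    }

    public static void main(String[] args) throws Exception {
        // Constructed values; in the client these would come from the login dialog.
        Authenticator.setDefault(new ScopedAuthenticator(
                "app.example.com", "alice", "constructed-password".toCharArray()));

        System.out.println("trusted https host: " + (challenge("https://app.example.com/api/orders") != null));
        System.out.println("same host, plain http: " + (challenge("http://app.example.com/api/orders") != null));
        System.out.println("other host: " + (challenge("https://other.example.net/") != null));
    }
}
```

Because `Authenticator.setDefault` is JVM-wide, every `HttpURLConnection` in the client consults this object, which is why the host and scheme checks belong inside it.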