0 Replies Latest reply on Jun 3, 2011 3:39 PM by hublisid

    SecurityAssociation is null when called from authenticating EJB

    hublisid

      I have a web application and an EJB component.

      I am using GenericHeaderAuthenticator and SSOLoginModule for the authentication. In GenericHeaderAuthenticator, I am getting the roles from siteminder and setting in org.jboss.security.SecurityAssociation class.

       

      SecurityAssociation.setContextInfo("sm_role", roles);

       

      For the authentication in EJB, the securityDomain is pointing to SSOLoginModule.

      When I am trying to access the SecurityAssociation context info in SSOLoginModule, it's giving me null values, so the EJB authentication failed!!

      String role = (String) SecurityAssociation.getContextInfo("sm_role");

      Roles are coming as null.

       

       

      This problem is in the Unix environment; the same code I tried in the Windows environment is working fine.

       

      Can anyone help me to resolve this issue?

       

      The configuration is as below:

       

      EJB Code:

      @org.jboss.ejb3.annotation.SecurityDomain("SSOGenericHeaderAuth")
      @Stateless
      @RolesAllowed("essga_cmdbost_custodian")
      public class FooBean implements FooRemote {

          @Resource private SessionContext sctx;

       

      war-deployers-jboss-beans.xml(c:\jboss-5.1.0.GA\server\default\deployers\jbossweb.deployer\META-INF)

      <property name="authenticators">
         <map class="java.util.Properties" keyClass="java.lang.String" valueClass="java.lang.String">
            <entry>
               <key>HEADER</key>
               <value>org.jboss.example.web.tomcat.security.GenericHeaderAuthenticator</value>
            </entry>

       

      web.xml

      login-config.xml(c:\jboss-5.1.0.GA\server\default\conf):

      <application-policy name="SSOGenericHeaderAuth">
         <authentication>
            <login-module code="org.jboss.example.web.tomcat.security.SSOLoginModule" flag="sufficient"/>
            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
               <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
               <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
            </login-module>
         </authentication>
      </application-policy>