0 Replies Latest reply: Jun 3, 2011 3:39 PM by Siddu Bulla RSS

SecurityAssociation is null when called from authenticating EJB

Siddu Bulla Newbie

I have a web applciation and an EJB component.

I am using GenericHeaderAuthenticator and SSOLoginModule for the authentication. In GenericHeaderAuthenticator, I am getting the roles from siteminder and setting in org.jboss.security.SecurityAssociation class.

 

SecurityAssociation.setContextInfo("sm_role", roles);

 

For the authentication in EJB, the securityDomain is pointing to SSOLoginModule,

When I am trying to access the SecurityAssociation context info in SSOLoginModule , its giving me null values, so the EJB authentication failed!!

 

String role = (String)SecurityAssociation.getContextInfo("sm_role"); roles are coming as null.

 

 

This problem is in Unix environment, the same code I tried in Windows environment it's working fine.

 

Can anyone help me to resolve this issue?

 

The configuration are as below:-

 

EJB Code:

@

org.jboss.ejb3.annotation.SecurityDomain("SSOGenericHeaderAuth")

@Stateless

public

 

 

@RolesAllowed("essga_cmdbost_custodian")

 

class FooBean implements FooRemote {

 

@Resource private SessionContext sctx;

 

war-deployers-jboss-beans.xml(c:\jboss-5.1.0.GA\server\default\deployers\jbossweb.deployer\META-INF)

      <property name="authenticators">
         <map class="java.util.Properties" keyClass="java.lang.String" valueClass="java.lang.String">
    <entry>
               <key>HEADER</key>
               <value>org.jboss.example.web.tomcat.security.GenericHeaderAuthenticator</value>
          </entry>

 

web.xml

login-config.xml(c:\jboss-5.1.0.GA\server\default\conf):

<application-policy name="SSOGenericHeaderAuth">

   <authentication>

   <login-module code="org.jboss.example.web.tomcat.security.SSOLoginModule" flag="sufficient"/>

   <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"

   flag="required">

   <module-option name="usersProperties">props/jmx-console-users.properties</module-option>

   <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>

   </login-module>

  </authentication>

</application-policy>