Principal object is anonymous JAAS security

579 views Asked by At

Is it possible to set manually the Principal object in SessionContext ? for prototyping reasons, I'm validating the user credential against 3rd party system then I want to set the authenticated user in Ejb context , I use JAAS custom login module just to set the principal object and fetch user's roles SessionContext.getCallerPrincipal.getName() always returns ANONYMOUS

1

There are 1 answers

0
Mike Braun On

In EJB if the user didn't authenticate, you get a container specific principal with a container specific name. This is a bit annoying. Some containers allow you to set the anonymous Principal via some container specific mechanism.