jboss - JMS call overwriting current JAAS subject
I have an application using JAAS to protect EJB components, running on JBoss AS. A javax.security.auth.login.LoginContext object is used to authenticate before calling any method. I have a functionality where I am calling an EJB which is secured using role permissions (via the EJB deployment descriptor). Before calling the EJB, there is code to deliver messages to a JMS queue.
The issue is that the subject contains the correct user details before the JMS queue code. Once the JMS code runs, the subject changes to guest, and execution of the EJB fails because guest does not have the right role to call the EJB. It ends with the following exception:
[org.jboss.ejb.plugins.SecurityInterceptor] Error security interceptor java.lang.SecurityException: Rejected: caller with subject = Subject: Principal: Each principal: roles (members: John, guest, J 2) and security context post-mapping roles = roles (John guest, J. 2E,): ejbMethod = someEjbMethod
I first The subject after JMS call is that EJB reference shows the original caller identity but none Not found. I would appreciate any clue or help.