Hi all,
We have been trying to port our application onto GlassFish, from its long-standing usual home running on WAS. We have run into trouble trying to get the security within the application working as it does on WAS. Our application is broken up into three separate enterprise archives and uses EJB 2.1 for several stateless session beans. When a login is performed for a user in the first EAR, and a call is then made to another EJB in a separate EAR, the caller principal populated in the SessionContext for that EJB is not the authenticated user who was logged in and whom it should be running as. Instead, the caller principal is either ANONYMOUS or the GlassFish admin user for that domain.
On WAS, propagation of the authenticated user between the different enterprise archives and EJBs was handled by using IBM's helper APIs, such as
. We have attempted to perform similar authentication on GlassFish using
, but while this appears to run the action as that user, the user is lost during the first call from one enterprise archive to another.
If multiple enterprise archives, deployed in the same J2EE container, are mapped with similar role descriptors in the application and EJB descriptor files, is it possible to have the authenticated user propagate across various EJBs held in separate enterprise archives?
I have also posted this problem, along with a simple sample application to highlight the issue, on the GlassFish forums here:
http://forums.java.net/jive/thread.jspa?messageID=396643
Can anyone provide me with a little insight into whether this is possible, and if so, how I should be going about it...
Thanks,
Rob.