3
votes

I'm using WildFly version 8.1.0.Final. I'm doing authentication using HttpServletRequest through a REST service, as shown below.

@Context
HttpServletRequest request;
...
request.login(user, password);

After that, I'm able to obtain the logged-in user principal using request.getUserPrincipal();

But the login identity from the web layer is not propagated into the EJB layer. If I try to obtain the user principal from an EJB bean, the user principal is always "anonymous":

@Stateless
@SecurityDomain("other")
@PermitAll
public class FooBean implements Foo {

    @Resource
    private EJBContext ejbContext;

    public void someMethod() {
        String name = ejbContext.getCallerPrincipal().getName();
    }
}

Is there any way to pass the logged-in user principal from the web layer into the EJB context?

1
Did you have an answer? :-D I have the same on WildFly 15 - auryn31

1 Answer

3
votes

I was always getting Anonymous CallerPrincipal or null UserPrincipal on WildFly 8.0.0.Final until I applied the patch to move to WildFly 8.1.0.Final just now, and all is well.

The only obvious difference between our projects is that instead of using @SecurityDomain I'm using XML to avoid vendor specifics inside code. I would recommend you recheck the requirements for using that annotation, or try out XML and see if you still have the issue.

My jboss-web.xml:

<?xml version="1.0" encoding="UTF-8"?>  
<jboss>  
    <security-domain>myJaasSecurityDomain</security-domain>  
</jboss> 

My web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://xmlns.jcp.org/xml/ns/javaee"
    xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
    version="3.1">

    <security-role>
        <role-name>ADMIN</role-name>
    </security-role>
    <security-role>
        <role-name>CUSTOMER</role-name>
    </security-role>

</web-app>

Hopefully the next person won't spend 2 days on this like I did.
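
The EJB-side counterpart to the jboss-web.xml above, as an added example that is not part of the original answer: a jboss-ejb3.xml descriptor that assigns a security domain to the EJBs in XML instead of with the @SecurityDomain annotation. It assumes the beans should use the answer's myJaasSecurityDomain, and that the file is placed in WEB-INF/ of a WAR or META-INF/ of an EJB JAR.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- jboss-ejb3.xml: vendor descriptor for EJB deployments (added example) -->
<jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
               xmlns="http://java.sun.com/xml/ns/javaee"
               xmlns:s="urn:security:1.1"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd
                                   http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_1.xsd"
               version="3.1"
               impl-version="2.0">
    <assembly-descriptor>
        <s:security>
            <!-- "*" applies the setting to every EJB in this deployment;
                 name a single bean (e.g. FooBean) to scope it more narrowly -->
            <ejb-name>*</ejb-name>
            <!-- Assumption: same domain name as in jboss-web.xml, so the web
                 and EJB layers authenticate against one security domain -->
            <s:security-domain>myJaasSecurityDomain</s:security-domain>
        </s:security>
    </assembly-descriptor>
</jboss:ejb-jar>
```

With this descriptor in place, the @SecurityDomain annotation on the bean class can be dropped, which keeps the vendor-specific setting out of the code as the answer suggests.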