Hello I am trying to use a JAASRealm for authentication. I have set up the Realm and it is authenticating with a WebLogic instance and returns a user back (WLSUserImpl) with their groups (if any WLSGroupImpl). I have a custom verison of the WebLogic provided UsernamePasswordLoginModule which doesnt pass in a URLCallback!
I now want to look up an EJB on the remote WebLogic server within a servlet, this works too but if I call a secured method (requirings you to have a Group) I get a security error. User <anonymous> cannot...... I have managed to get the Subject from the HTTPSession and then with that call weblogic.security.Security.runAs( subject, new MyEJBLookUpAndCallAction() ); I have the weblogic.jar in the tomcat classpath, and this works fine. Is there away to make is cleaner and just be able to look up the ejb and call it with out having to do the run as? For some reason Tomcat is not assoicating the Subject with the thread. Also: I have debugged the login module and a Subject is created correctly - with WLSUserImpl and WLSGroupImpl, but the Subject I get back from the HTTPSession only has the user in it with no groups. Any help is appreciated. Thanks, Laurence. -- View this message in context: http://www.nabble.com/Security-with-WebLogic-%28JAASRealm%29-tp16824943p16824943.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
