sessionContext.getCallerPrincipal().getName() returns "anonymous"


I am working on a web app project that contains EJB components and is deployed in JBoss EAP 7.0.7. Some of these EJBs are called remotely from a standalone Java client application. The problem is that I am able to call the EJBs remotely, but the principal always returns "anonymous" instead of the user ID that was just authenticated.

I have configured the standalone.xml to use a security domain with a DatabaseLoginModule. I also configured the security domain in my jboss-web.xml and annotated each EJB to use that security domain.

When I invoke an EJB method from within the web application, the principal from the sessionContext is set to the logged-in user. This is because I have used the HttpServletRequest.login API. But how would I propagate the principal to the EJB layer from the standalone client app without this servlet API? Is there an API that performs authentication and propagates the principal the way the servlet API I mentioned above does? Or am I just missing some configuration? Thanks in advance for your answers/feedback.


You should use interceptors to propagate the principal from client to server. There is a set of examples in the quickstarts.

Hello Team, I am facing the same problem. The user credentials are not propagated from client to server via the caller principal. Can you please propose a solution with more descriptive details?