I'm in the process of upgrading from JBoss EAP 6.4 to 7.1 but I am experiencing some technical issues regarding the management of the Subject.
Some context
My application is an EAR file containing:
- a web module
- several EJB modules bearing stateless session beans (SLSBs)
- an EAR file packaging all the above
Authentication is primitive: the username-password credentials are passed on to one of the SLSBs, which in turn calls:
LoginContext loginContext = new LoginContext(group.getLoginContextName(), callbackHandler);
loginContext.login();
The problem
My application occasionally retrieves the Subjects at different points of execution—from my web app, my EJBs, simply anywhere. I usually used to use Subject.getSubject(...) but this keeps returning null all the time.
I have been asked to use PolicyContext.getContext("javax.security.auth.Subject.container") and it does return the authenticated Subject, but ONLY where loginContext.login() is called. The moment I call it from anywhere else (including from a different SLSB instance of the same kind), the Subject is null!
What am I missing??