Authentication in EJB's using JAAS and WebLogic Server 6.0

[Arvind Parasuram]

Hi,
I am trying to implement EJB security using JAAS and WebLogic Server
6.0 and have the following issues...

1. The client sets the Principal and Credentials in the environment,
does a JNDI lookup for the home interface and calls home.create(). At
this point I want the LoginModules that have been defined in a
configuration file to be loaded automatically. How do I achieve this?
The JAAS sample application that comes with WebLogic uses "SampleConfig"
to read the config. file and load the login modules. Can't the App
server directly load these modules in some manner?

2. How can I get the Subject inside of a Session bean's methods? I am
implementing a stateless session bean so I cannot hang on to a
LoginContext and retrieve the Subject from that. I tried to get the
subject using the Subject's static method - getSubject() inside a bean's
method this way...

AccessControlContext acc = AccessController.getContext();
Subject subject = Subject.getSubject(acc);

but it throws the foll. exception...
java.lang.SecurityException: Method Not Supported at
javax.security.auth.Subject.getSubject(Subject.java:281)
Has anybody tried this before? (I need the Subject to get to the
PublicCredentials. The EJBContext has a method to return the Principal
only.)

3. Since I am implementing a stateless bean how do I logout the loaded
LoginModules?

Would appreciate any solution to the above problems.
Thanks.

-Arvind