Thanks Darran for your quick reply on my new thread. As you suggested, am continuing on this.
Our application flow is:
User launch the application url->servletFilter->check for session validation-> if invalid->redirect to login screen->invoke the login module->Authenticate->set the principal->continue to access the application.
Both our ejb and web application are configured to use the default security domain.
The current problems are,
1.
The SecurityDomain.getCurrent() returns null object when i try to get
SecurityDomain.getCurrent() either from war or sar. As per my
understanding this is happening because, our web.xml does not contains
security domains. I can't get the securityIdentity since,
securitycontext is empty and i don't see any other way to get the
securityIdentity.
2. Getting SecurityDomain object when it is accessed
from EJB. However, the
principal comes as anonymous.
Am accessing using the below code.
@Resource
private SessionContext
The only way am seeing is, create the new
securityDomain if it is null and tried to create the adhocIdentity.
However, this also throwing error saying unable to authenticate which i
need to further investigate on the reason. Also, not sure, this is
correct way of doing.
Thanks
Arulkumar P