Problem propagating user credentials on Oracle AS cluster environment
Dear colleagues, I have following problem.
Configuration. We have Oracle AS 10.1.2.0.1 cluster. Client module requests functionality from EJB module deployed in server (stateless session beans). Client is written by Java 1.5, EJB - by Java 1.4. JAAS is used to establish security context between client and server. Several first calls to EJB are anonymous, then only named calls are permitted. In some aspects application uses programmatic security, for this reason it uses SessionContext.getCallerPrincipal() on server side.
Client searching EJB through InitialContext uses following:
a. by anonymous call:
java.naming.factory.initial=com.evermind.server.rmi.RMIInitialContextFactory
java.naming.security.principal="anonymous"
java.naming.security.credentials="anonymous"
b. by named call:
java.naming.factory.initial=com.evermind.server.rmi.RMIInitialContextFactory
java.naming.security.principal=<USER_PRINCIPAL>
java.naming.security.credentials=<USER_CREDENTIALS>
Problem is that SOMETIMES, NOT ALWAYS, by named call (client passes real principal and credentials to InitialContext) on server side SessionContext.getCallerPrincipal() returns "anonymous". So, it looks like some kind of caching happens.
The very important issue here is that this ONLY happens in cluster configuration. I.e. if EJB is searching with following parameter:
java.naming.provider.url=opmn:ormi://<HOST_NAME>:<OPMN_PORT>/<APPLICATION_NAME>
If EJB is searching with parameter:
java.naming.provider.url=ormi://<HOST_NAME>:<ORMI_PORT>/<APPLICATION_NAME>
everything works fine without exclusion.
And last remark. Properties
dedicated.rmicontext=true
and
LoadBalanceOnLookup=true
are NOT used.
If some of you knows what is the problem, I would appreciate your help.
