I have JSP with calling to my Session Bean, I’ve implemented this via JNDI

Question

0

Asked: May 26, 20262026-05-26T08:58:40+00:00 2026-05-26T08:58:40+00:00

I have JSP with calling to my Session Bean, I’ve implemented this via JNDI

0

I have JSP with calling to my Session Bean, I’ve implemented this via JNDI InitialContext(). Session Bean class is having a @RolesAllowed annotation with one defined user. I want to restrict users who can call methods of this bean.

Application Sever connected to TAM/WebSEAL via junction. So I can see that authenticated users have defined “iv-user”, “iv-groups”, “iv-creds” http request header values, unauthenticated – don’t. But then I trying to call any of bean methods I’ve got a Security Exception like trying to access as unauthenticated user. Moreover, I don’t see userPrincipal when at the response of request.getUserPrincipal()

How to pass security context from WebSEAL / Tivoli Access Manager into EJB and use it for JAAS annotations?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T08:58:41+00:00

Editorial Team

2026-05-26T08:58:41+00:00Added an answer on May 26, 2026 at 8:58 am

I’ve found one solution:
1. Switch WebSphere to use a Standalone LDAP registry, set link as Trusted (actually it not necessary)
2. Setup LTPA authentication between WAS and WebSEAL
after these JSP should get security context and pass to the called methods.
3. Define security constraints inside target web application.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have JSP with calling to my Session Bean, I’ve implemented this via JNDI

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply