The full title should have been: "Cannot propagate username/password required by target when using run as identity", which is the exception message I'm having trouble with.
I am having problems setting up a distributed server scenario with credentials being propagated between glassfish servers.
- I have glassfish server A (presentation tier) and glassfish server B (business tier)
- I have a "login" servlet on server A that performs authentication via Programmatic Login.
- I have a "test" servlet in server A attempting to make an EJB call to a bean that is located in server B.
- The bean method is marked with the @RolesAllowed annotation.
- Server A's web.xml does NOT have <security-constraint> entries defined, nor does it have the <login-config> defined.
If I execute my login servlet and then I attempt to execute the servlet that attempts the EJB call, I get the before-mentioned exception: "Cannot propagate username/password required by target when using run as identity"
However, I noticed that if I add a <security-constraint> entry in the web.xml file for the servlet in question, then the problem goes away.
Can anyone explain why that is?
-------------------------------------
Related 2nd question, different scenario:
Again, I have server A (presentation tier) and server B (business tier)
This time I have a more "normal" set up. I configure server A to use BASIC authentication (<login-config> in web.xml)
I again have a servlet that attempts to call a remote ejb that is annotated with @RolesAllowed.
My servlet is has a <security-constraint> configured on it.
When I execute my servlet, I am asked to log in via the BASIC authentication mechanism, and then everything executed wonderfully, inclusing the EJB call. Clearly, my authentication credentials are being propagated.
However, keeping my test browser session open, I now decide to restart server A (presentation tier). I noticed that my session is being preserved across the server restart as my session id remains the same after the restart. However, after the restart, and still in my same browser session as before, which still holds my authentication data, if I attempt to execute the servlet, I now get the infamous exception: "Cannot propagate username/password required by target when using run as identity".
Can anyone explain how the server restart causes this exception?
Thanks
Sam
[Message sent by forum member 'sstanojevic' (sstanojevic)]
http://forums.java.net/jive/thread.jspa?messageID=230327