Hi,
Could you tell me what is the purpose of Default Principal and Default Principal Password in glassfish?
My example is as follows:
Default Principal is set to USER and Default Principal Password to USERPASS on Configuration->Security Page.
Selected methods of EJBs are secured with @RolesAllowed("USERROLE")
USER principal is mapped to USERROLE in sun-ejb deployment descriptor.
Most of Web tier calls to EJB are anonymous.
I thought that I could invoke secured method of EJBs with Default Principal provided in application server configuration. But I cannot. I get AccessLocalException.
I can read user principal name from SessionContext (in unsecured ejb method). It is set properly to USER. When I check that principal against application role using isCallerInRole("USERROLE") I get false.(?)
So, I have configured web tier to use FORM authentication with JDBC realm. When I log in as USER with USERPASS, ejb secured methods are called properly and isCallerInRole returns true.
Web tier and ejbs are deployed as Enterprise Application and methods are invoked through local interfaces.
What I am doing wrong?
--
Best regards,
Marcin Kwapisz
[Message sent by forum member 'mkwapisz' (mkwapisz)]
http://forums.java.net/jive/thread.jspa?messageID=249586