Is it possible to support both anonymous and authenticated calls in the same EJB in glassfish?
In my sun-ejb-jar.xml I have:
<ejb>
<ejb-name>MyBean</ejb-name>
<ior-security-config>
<as-context>
<auth-method>username_password</auth-method>
<realm>myrealm</realm>
<required>false</required>
</as-context>
<sas-context>
<caller-propagation>supported</caller-propagation>
</sas-context>
</ior-security-config>
</ejb>
Then in EJB I declare roles at class level, but do not restrict access to methods, since I need more dynamic restrictions done programatically inside.
When I use <required>false</required>, then anonymous calls are supported, authenticated calls work if done using ProgrammaticLogin in glassfish on server side, but authenticated calls from client side don't work, even when using ProgrammaticLogin.
When I use <required>true</required> then anonymous calls are not supported, but authenticated calls from client using ProgrammaticLogin work.
Is there any other setting I'm missing or is it not supported? I guess for the time being I will have to do ProgrammaticLogin on server side for each EJB invocation.
[Message sent by forum member 'jarol1' (jarol1)]
http://forums.java.net/jive/thread.jspa?messageID=269027