users@glassfish.java.net

EJB 3.0 - anonymous + auth in the same stateless session bean

From: <glassfish_at_javadesktop.org>
Date: Mon, 14 Apr 2008 03:18:24 PDT

Is it possible to support both anonymous and authenticated calls in the same EJB in glassfish?

In my sun-ejb-jar.xml I have:
    <ejb>
      <ejb-name>MyBean</ejb-name>
      <ior-security-config>
        <as-context>
          <auth-method>username_password</auth-method>
          <realm>myrealm</realm>
          <required>false</required>
        </as-context>
        <sas-context>
          <caller-propagation>supported</caller-propagation>
        </sas-context>
      </ior-security-config>
    </ejb>

Then in EJB I declare roles at class level, but do not restrict access to methods, since I need more dynamic restrictions done programatically inside.

When I use <required>false</required>, then anonymous calls are supported, authenticated calls work if done using ProgrammaticLogin in glassfish on server side, but authenticated calls from client side don't work, even when using ProgrammaticLogin.

When I use <required>true</required> then anonymous calls are not supported, but authenticated calls from client using ProgrammaticLogin work.

Is there any other setting I'm missing or is it not supported? I guess for the time being I will have to do ProgrammaticLogin on server side for each EJB invocation.
[Message sent by forum member 'jarol1' (jarol1)]

http://forums.java.net/jive/thread.jspa?messageID=269027