We did what you proposed:
> > <sun-ejb-jar>
> >   <enterprise-beans>
> >     <ejb>
> >       <ejb-name>HelloEjb</ejb-name>
> >       <principal>
> >         <name>aprincipal</name>
> >       </principal>
> >     </ejb>
> >   </enterprise-beans>
> > </sun-ejb-jar>
<sun-ejb-jar>
  <enterprise-beans>
    <ejb>
      <ejb-name>ComplaintServiceBean</ejb-name>
      <principal>
        <name>cde</name>
      </principal>
    </ejb>
  </enterprise-beans>
</sun-ejb-jar>
But still in server.log it says we're not authorized (but it prints the user 'cde' in the error message -- and that user [b]is[/b] authorized since he is in the sole defined group that is mapped to the sole defined role -- the role needed by the called SB!):
[i](principals com.sun.enterprise.deployment.PrincipalImpl "cde")[/i]
The funny thing is, if we do not use @RunAs, and if we do not use the above sun-ejb-jar.xml, but just log in to our servlet using simple BasicHttpAuthentication [b]with exactly the same principal name[/b], then it works pretty well.
So in short: Forwarding a manually Basic-Authenticated user works well, while @RunAs plus declared principal does not -- with the same user! For us that looks like a bug!
(see attached server.log!)
We're totally confused. It just seems as if it completely ignores this entry in sun-ejb-jar! :-(
Please Help! :-)
Thanks
Markus
[Message sent by forum member 'mkarg' (mkarg)]
http://forums.java.net/jive/thread.jspa?messageID=285659