Just to clarify, you mentioned that you configured the following :
<sun-ejb-jar>
<ejb>
<ejb-name>ComplaintServiceBean</ejb-name>
<principal>
<name>cde</name>
</principal>
</ejb>
</enterprise-beans>
</sun-ejb-jar>
But still in server.log it says we're not authorized (but it prints the user 'cde' in the error message -- and that user is authorized since he is in the sole defined group that is mapped upon the sole defined role -- the role needed by the called SB!):
Since there is no real authentication happening so the assignment of groups in the Authorization Credentials will not happen (IMO). So please explicitly map principal cde to the role "User" inside your sun-ejb-jar.xml
<security-role-mapping>
<role-name>User</role-name>
<principal-name>cde</principal-name>
<group-name>cde</group-name>
</security-role-mapping>
And let me know if that worked.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]
http://forums.java.net/jive/thread.jspa?messageID=287278