Hi to all.
I'm developing a standalone remote EJB client for some protected EJBs (via
@RolesAllowed), and I've successfully followed the FAQ instructions: I can
authenticate using ProgrammaticLogin and look up via InitialContext.
Now I have a doubt: ProgrammaticLogin has a login method where the developer can
specify the realm name.
If I specify the realm
(programmaticLogin.login("username","password","custom_realm", false)), and
the remote EJB has an entry (*) in sun-ejb.xml with that realm name, it
works.
If I specify the realm, but the remote EJB has no entry in sun-ejb.xml,
then I get a CORBA_NO_PERMISSION exception on the client side, and a login
exception on the server side (javax.security.auth.login.LoginException: Failed
file login for username).
It seems the credentials are checked against the file realm and not against
the specified custom_realm: is this the right behaviour?
Moreover, if I set my custom_realm as the default realm, it still continues
authenticating against the file realm.
(*)
<ejb>
  <ejb-name>BeanName</ejb-name>
  <ior-security-config>
    ...
    <as-context>
      <auth-method>USERNAME_PASSWORD</auth-method>
      <realm>custom_realm</realm>
      <required>true</required>
    </as-context>
    ...
  </ior-security-config>
</ejb>