users@glassfish.java.net

Re: Doubt about standalone remote ejb client and security realm

From: Danilo Levantesi <danilo.levantesi_at_gmail.com>
Date: Tue, 25 Nov 2008 15:47:46 +0100

I checked with a standalone Java client, and the same behaviour occurs.

More details:

Code to invoke:
new ProgrammaticLogin().login(username, password, realm, false);
Object ref = new InitialContext().lookup(jndiName);

Client side exception:
javax.naming.NamingException: ejb ref resolution error for remote business
interfaceit.witech.wrop.bwa.deployment.radius.authorization.BWARadiusAuthorizationRemote
[Root exception is java.rmi.AccessException: CORBA NO_PERMISSION 0 No;

Server side exception:
javax.enterprise.resource.corba
IOP5049: Login exception: [com.sun.enterprise.security.LoginException:
com.sun.enterprise.security.auth.realm.NoSuchRealmException: Realm default
does not exists.]

As I said, it does not happen if sun-ejb-jar.xml contains a <realm> entry in
<as-context>. It seems the ProgrammaticLogin.login ignores the realm
parameter.
By the way, the solution is very simple: put a realm entry in sun-ejb-jar.xml.

Best regards
Danilo

> V B Kumar Jayanti wrote:
> > Danilo Levantesi wrote:
> >> Hi to all.
> >> I'm developing a standalone remote ejb client for some protected
> >> EJBs (via @RolesAllowed), and I've, successfully, followed the FAQ
> >> instructions: I can authenticate using ProgrammaticLogin and lookup
> >> via InitialContext.
> >>
> >> Now I've a doubt: ProgrammaticLogin has a login method where the
> >> developer can specify the realm name.
> >>
> >> If I specify the realm
> >> (programmaticLogin.login("username","password","custom_realm",
> >> false), and the remote EJB has an entry (*) in sun-ejb.xml with that
> >> realm name, it works.
> >
> > OK
> >
> >> If I specify the realm, but the remote EJB hasn't an entry in
> >> sun-ejb.xml, then I get a CORBA_NO_PERMISSION exception on client
> >> side, and a login exception on server side
> >> (javax.security.auth.login.LoginException: Failed file login for
> >> username).
> >
> > This is also reasonable.
> >
> >> It seems the credentials are checked against the file realm and not
> >> against the specified custom_realm: is this the right behaviour?
> >>
> >> Moreover, if I set my custom_realm as the default realm, it still
> >> continues authenticating against the file realm.
> >
> > This seems to indicate the file realm is hardcoded somewhere which
> > should probably be changed. It should have got the default realm from
> > the domain config.
> >
> > regards,
> > kumar
>
> Could you please try using an appclient instead of a standalone java
> client and check if the same error recurs?
>
> Thanks,
> Nithya
>
> >> (*) <ejb>
> >>       <ejb-name>BeanName</ejb-name>
> >>       <ior-security-config>
> >>         ...
> >>         <as-context>
> >>           <auth-method>USERNAME_PASSWORD</auth-method>
> >>           <realm>custom_realm</realm>
> >>           <required>true</required>
> >>         </as-context>
> >>         ...
> >>       </ior-security-config>
> >>     </ejb>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> >> For additional commands, e-mail: users-help_at_glassfish.dev.java.net