users@glassfish.java.net

Cannot propagate username/password required by target when using run as identity

From: Adam Jenkins <adamjenkinstmpredirect_at_yahoo.com.au>
Date: Fri, 13 Mar 2009 18:48:36 -0700 (PDT)

Hi All,

I'm moving a developed application to a production environment. To try something different, we have two server instances set up, one for the ejb part of the app, one for the webapp. We have a custom jaas realm configured which they both have access to.

When we deploy locally with everything on the same server there are no problems, however when we deploy to production and try to access the website, we get the following error:

com.sun.enterprise.iiop.security.SecurityMechanismException: Cannot propagate username/password required by target when using run as identity

Interestingly enough, at this stage we're not actually logged into the application, and the while the ejb that's being injected into the jsf managed bean does have some secure methods (declared with @RolesAllowed("...")) none of these are being accessed by the managed bean being declared. We do not use @RunAs anywhere in our application.

My ejbs are declared in my sun-web.xml as:

  <ejb-ref>
      <ejb-ref-name>IndexingRemote</ejb-ref-name>
      <jndi-name>corbaname:iiop:localhost:33701#ejb/IndexingBean</jndi-name>
  </ejb-ref>

Which is the correct port...interestingly, when both the web application and the ejb application are in the same server instance (even with the declarations using corbaname as above) everything works fine, but when I put them in seperate instances I get the error above.

Can anyone shed some light on this error, I can't find anything online other than a bunch of 'TBD' notes on the wiki.

Also, is there anyway to specify to use jrmp instead of iiop (is there any advantages to iiop rather than jrmp?)

Thanks
Adam