I have 2 users, let's say ejbUser and webServiceUser.
And 2 servers, server1 (glassfish) and server2 (custom C++, gSOAP).
ejbUser has role ejb.
webServiceUser has role webservice.
ejbUser calls a method of an ejb object on server1 which calls a webservice that does not need authentication on server2.
During this call, server2 calls a web service on server1 and authenticates using webServiceUser.
To call the web service on server1, webServiceUser needs the webServiceUser role.
ejbUser does not have the webservice role.
The problem is:
=> The webServiceUser will be granted access to the ejb web service only if ejbUser is granted the webservice role.
That makes no sense to me.
I am suspecting some kind of security protection for impersonation that would somehow think that our custom C++ server is calling the ejb as the ejbUser.
Any idea?
Thanks
Vincent Deschenes