users@glassfish.java.net

Re: Call secured _at_Remote EJB from WebClient

From: <glassfish_at_javadesktop.org>
Date: Sun, 06 Jun 2010 04:50:02 PDT

Some more details:

When not securing the Remote EJB via file-realm basic username/password authentication, access from the WAR is no problem simply using annotations @EJB(mappedName="Location of EJB").

But when the EJB is secured, my approaches fail:
1. is there a way to provide the username and password a) via annotations or b) deployment descriptors?

2. if not, how can one lookup the Remote EJB in the Web Client via InitialContext?! Unfortunately, the FAQ in this respect (https://glassfish.dev.java.net/javaee5/ejb/EJB_FAQ.html) does not says anything on accessing secured EJBs and the solution for properties provided there for standalone apps regarding the EJB lookup do not work:
I tried it this way:
Properties props = new Properties();

props.setProperty("java.naming.factory.initial","com.sun.enterprise.naming.SerialInitContextFactory");
props.setProperty("java.naming.factory.url.pkgs","com.sun.enterprise.naming");
props.setProperty("java.naming.factory.state","com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl");
props.setProperty("org.omg.CORBA.ORBInitialHost", "localhost");
props.setProperty("org.omg.CORBA.ORBInitialPort", "3700");
props.put("java.naming.security.principal", "username");
props.put("java.naming.security.credentials", "password");

ic = new InitialContext(props);

myBean = (MyBean) ic.lookup("ejb/MyBean");

but I get the following error:
javax.naming.NoInitialContextException: Cannot instantiate class: com.sun.enterprise.naming.SerialInitContextFactory [Root exception is java.lang.ClassNotFoundException: com.sun.enterprise.naming.SerialInitContextFactory]
at com.sun.enterprise.naming.GlassFishNamingBuilder.createInitialContextFactory(GlassFishNamingBuilder.java:100)

3. I also tried adding a security constraint (basic authentication with username and password) to the web client hoping the security identity is propagated to the Remote EJB, but that failed also with the exception (although I am not using the RunAs annotation):
iiop.secmechanism_exception
com.sun.enterprise.iiop.security.SecurityMechanismException: Cannot propagate username/password required by target when using run as identity
at com.sun.enterprise.iiop.security.SecurityMechanismSelector.propagateIdentity(SecurityMechanismSelector.java:641)
[Message sent by forum member 'martyj']

http://forums.java.net/jive/thread.jspa?messageID=472987