users@glassfish.java.net

Re: [GF 3.1] EJB securisation with username_password

From: Nithya Subramanian <nithya.subramanian_at_oracle.com>
Date: Mon, 02 May 2011 13:12:00 +0530

If the Central Server EJB has to act as a service for an authentication
realm by receiving the username/password, then it should receive the
user requests directly (by specifying an as-context, realm, etc.). For
secure communication, the secure IIOP port could be used.

Instead, if the intermediate web servers are to receive and authenticate
the users, the URLs have to be protected in the web container,
specifying the auth-realm configuration in web.xml. After
authentication, the IDT would be sent to the Central Server on setting
the sas-context caller-propagation element to SUPPORTED in the
glassfish-ejb-jar.xml.
The communication between the web servers and the Central Server could
be secured as well. Please see
http://blogs.sun.com/nithya/entry/secure_communication_between_web_app

Thanks
Nithya

On Friday 29 April 2011 06:03 PM, forums_at_java.net wrote:
> Hello,
>
> I am trying to use an EJB as a service for an authentication realm. To
> give a little more explanation, I will have intermediate servers, which
> I have to authenticate, that will access that EJB service and use its
> functions to authenticate users. So basically, I wanted to use SSL
> certificates to authenticate the IS (intermediate servers) against the
> EJB hosted by the CS (central server). But the EJB call only partially
> works when there is no IS involved, and EJBContext.getCallerPrincipal()
> only returned anonymous, whereas when using an IS, the call would fail
> returning the problem described in that bug report:
> http://java.net/jira/browse/GLASSFISH-16492 [1]
>
> So I switched back to use the username_password authentication mechanism
> instead, with programmatic login, in order to authenticate the IS. But
> that wouldn't work either: it would give me a Runtime exception stating
> 'Cannot propagate username/password when using run as identity.' But I've
> never used @RunAs().
> I thought the problem resided in the way I was looking up the remote EJB
> and found out the Java EE 5 EJB FAQ and followed the guide, and used ejb
> refs to look up remote EJBs... and still, no luck. I'm getting the same
> root cause as the certificate issue:
>
>
>
> *exception*
>
>
> javax.servlet.ServletException: PWC1392: Error instantiating servlet
> class
> com.hypsoma.test.CallServlet
>
>
> *root cause*
>
> com.sun.enterprise.container.common.spi.util.InjectionException: Error
> creating managed object for class com.hypsoma.test.CallServlet
>
>
> *root cause*
>
> com.sun.enterprise.container.common.spi.util.InjectionException:
> Exception
> attempting to inject Remote ejb-ref name=CustomerAuthEjbRef,Remote 3.x
> interface
> =com.hypsoma.hades.auth.CustomerAuthEjbRemote,ejb-link=null,lookup=,mappedName=,jndi-name=corbaname:iiop:localhost:23700#java:global/hades/auth-0.0.1-SNAPSHOT/CustomerAuthEjb!com.hypsoma.hades.auth.CustomerAuthEjbRemote,refType=Session
>
> into class com.hypsoma.test.CallServlet
>
>
> *root cause*
>
> javax.naming.NamingException: Lookup failed for
> 'java:comp/env/CustomerAuthEjbRef' in
> SerialContext[myEnv={java.naming.factory.initial=com.sun.enterprise.naming.impl.SerialInitContextFactory,
>
> java.naming.factory.state=com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl,
>
> java.naming.factory.url.pkgs=com.sun.enterprise.naming} [Root
> exception is
> javax.naming.NamingException: ejb ref resolution error for remote
> business
> interfacecom.hypsoma.hades.auth.CustomerAuthEjbRemote [Root exception is
> org.omg.CORBA.OBJECT_NOT_EXIST: FINE: IOP02500002: Failed to create or
> locate
> Object Adaptor vmcid: SUN minor code: 2 completed: No]]
>
>
> *root cause*
>
> javax.naming.NamingException: ejb ref resolution error for remote
> business
> interfacecom.hypsoma.hades.auth.CustomerAuthEjbRemote [Root exception is
> org.omg.CORBA.OBJECT_NOT_EXIST: FINE: IOP02500002: Failed to create or
> locate
> Object Adaptor vmcid: SUN minor code: 2 completed: No]
>
>
> *root cause*
>
> org.omg.CORBA.OBJECT_NOT_EXIST: FINE: IOP02500002: Failed to create or
> locate
> Object Adaptor vmcid: SUN minor code: 2 completed: No
>
>
> *root cause*
>
>
>
> Is my corbaname wrong?
>
>
>
>
> <ejb-ref>
> <ejb-ref-name>CustomerAuthEjbRef</ejb-ref-name>
> <!-- corbaname:iiop:<host>:<port>#<global_jndi_name> -->
> <jndi-name>corbaname:iiop:stakhanov.hypsoma.com:3700#java:global/hades/auth-0.0.1-SNAPSHOT/CustomerAuthEjb!com.hypsoma.hades.auth.CustomerAuthEjbRemote</jndi-name>
>
> </ejb-ref>
>
>
>
> [1] http://java.net/jira/browse/GLASSFISH-16492
>
> --
>
> [Message sent by forum member 'brzhk']
>
> View Post: http://forums.java.net/node/796678
>
>
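The two descriptor fragments below are an added illustration of the second arrangement Nithya describes (web container authenticates the intermediate servers, identity propagated to the Central Server EJB); they are not configuration from the thread or from the GlassFish project. The ejb-name CustomerAuthEjb is taken from the poster's ejb-ref; the url-pattern, role name and the realm name "file" are assumed values for the example and would be replaced by the deployment's own.

```xml
<!-- Fragment 1 (assumed example): web.xml of the intermediate server's web app.
     Protects the servlet URL so the web container authenticates the caller
     against the named realm before any EJB call is made. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>auth-proxy</web-resource-name>
    <url-pattern>/call/*</url-pattern>          <!-- assumed pattern -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>intermediate-server</role-name>  <!-- assumed role -->
  </auth-constraint>
  <user-data-constraint>
    <!-- credentials only over TLS -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>file</realm-name>                 <!-- assumed realm -->
</login-config>
<security-role>
  <role-name>intermediate-server</role-name>
</security-role>

<!-- Fragment 2 (assumed example): glassfish-ejb-jar.xml packaged with the
     Central Server EJB. caller-propagation=supported lets the identity
     established by the web container's login travel in the SAS context,
     so EJBContext.getCallerPrincipal() no longer returns anonymous. -->
<!DOCTYPE glassfish-ejb-jar PUBLIC
  "-//GlassFish.org//DTD GlassFish Application Server 3.1 EJB 3.1//EN"
  "http://glassfish.org/dtds/glassfish-ejb-jar_3_1-1.dtd">
<glassfish-ejb-jar>
  <enterprise-beans>
    <ejb>
      <ejb-name>CustomerAuthEjb</ejb-name>
      <ior-security-config>
        <transport-config>
          <!-- require the secure IIOP transport between IS and CS -->
          <integrity>required</integrity>
          <confidentiality>required</confidentiality>
          <establish-trust-in-target>supported</establish-trust-in-target>
          <establish-trust-in-client>supported</establish-trust-in-client>
        </transport-config>
        <!-- no username/password expected in the AS context: the web
             container already authenticated the caller -->
        <as-context>
          <auth-method>none</auth-method>
          <realm>file</realm>
          <required>false</required>
        </as-context>
        <sas-context>
          <caller-propagation>supported</caller-propagation>
        </sas-context>
      </ior-security-config>
    </ejb>
  </enterprise-beans>
</glassfish-ejb-jar>
```

With this arrangement the intermediate server logs in once to the web container and the EJB receives that identity through the SAS context; the IS does not pass a username/password of its own to the bean. The first arrangement Nithya mentions (the EJB itself receiving credentials) would instead set auth-method to username_password in the as-context, and the two should not be mixed for the same bean.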