users@glassfish.java.net

ORB Ignores "IIOP Client Authentication [] Required" setting?

From: <forums_at_java.net>
Date: Mon, 24 Oct 2011 18:13:13 -0500 (CDT)

Hi,

We have had on a couple of occasions a problem where out IIOP standalone
client cannot attach to the server when this setting has not been specified
(not check in admin console and not present in domain.xml).

It fails with a CORBA_NO_PERMISSION exception & "Unable to acquire
SerialContextProvider" when attempting to lookup the first bean. Our client
first connects to a bean that requires no authentication which first verifies
the user has been registered to use the application. (It provides better
feedback than just "login failed"). This problem occurred in production and
basically locked all our users out of the application.

The problem was reproduced in our QA environment but after trying a different
install and then trying to revert to the broken install I can't reproduce it
again.

I can create the same exception by turning on the "IIOP Client
Authentication" option in the admin console.

I found this bug (which has apparently been fixed)

http://java.net/jira/browse/GLASSFISH-11078 [1]

I was wondering if this could be a possible regression.

Would it help to explicitly set the client-authentication-required to false
in domain.xml?

James.


[1] http://java.net/jira/browse/GLASSFISH-11078

--
[Message sent by forum member 'james143']
View Post: http://forums.java.net/node/856649