My oh my, this week has given me headaches. I went through hundreds of lines of code for both Geronimo and OpenEJB, and I can't seem to figure out why this isn't working. From what I've found on the internet it should work (unless I'm missing something).
OK. So I have this EJB:

    import java.security.Principal;
    import javax.annotation.Resource;
    import javax.annotation.security.DeclareRoles;
    import javax.annotation.security.RolesAllowed;
    import javax.ejb.SessionContext;
    import javax.ejb.Stateless;

    @Stateless
    @DeclareRoles( { "Admin" })
    @RolesAllowed( { "Admin" })
    public class TestBean implements TestRemote, TestLocal {

        @Resource
        private SessionContext sessionCtx;

        public String getInfo() {
            Principal p = sessionCtx.getCallerPrincipal();
            StringBuilder sb = new StringBuilder();
            sb.append("\n").append("Principal: " + p.getName() + " - type: " + p.getClass().getCanonicalName());
            return sb.toString();
        }
    }

getInfo() is a Remote method.

Then its deploy plan contains:

    <security doas-current-called="true" default-role="Admin">
    </security>

And I do a remote lookup as follows:

    Properties p = new Properties();
    p.put("java.naming.factory.initial", "org.apache.openejb.client.RemoteInitialContextFactory");
    p.put("java.naming.provider.url", "ejbd://localhost:4201");
    // user and pass optional
    p.put("openejb.authentication.realmName", "KMSRealm");
    p.put("java.naming.security.principal", "quintin");
    p.put("java.naming.security.credentials", "pass");

    InitialContext ctx = new InitialContext(p);

    TestRemote myBean = (TestRemote) ctx.lookup("TestBeanRemote");
    String info = myBean.getInfo();

When I run the code I get an:

    Exception in thread "main" javax.ejb.EJBAccessException: Unauthorized Access by Principal Denied

So, I remove the security definitions from the EJB and its deploy plan, the method executes, and the Principal it returns is UnauthenticatedPrincipal.

KMSRealm is a server-wide SQLLoginModule realm defined in the Geronimo console. I know the login works, because changing the InitialContext credentials causes the login to fail. So all this works.

I am basically trying to log in via EJB, and then be able to do two things:
(1) define authorizations on the EJBs/methods
(2) retrieve the Subject/Principal

Both of these are very important.
I've also tried replacing my <security> element in the deploy plan with this:

    <security>
        <default-subject>
            <realm>KMSRealm</realm>
            <id>quintin</id>
        </default-subject>
    </security>

But then I get the following when deploying:

    Error: Operation failed: start of kms/KMSPlatform-ejb/1.0/jar failed
    Unknown start exception
    Configuration kms/KMSPlatform-ejb/1.0/jar failed to start due to the following reasons:
    The service EJBModule=kms/KMSPlatform-ejb/1.0/jar,J2EEApplication=null,j2eeType=StatelessSessionBean,name=PersonnelBean did not start because kms/KMSPlatform-ejb/1.0/jar?EJBModule=kms/KMSPlatform-ejb/1.0/jar,J2EEApplication=null,j2eeType=JACCManager,name=JACCManager did not start.
    The service EJBModule=kms/KMSPlatform-ejb/1.0/jar,J2EEApplication=null,j2eeType=StatelessSessionBean,name=TestBean did not start because kms/KMSPlatform-ejb/1.0/jar?EJBModule=kms/KMSPlatform-ejb/1.0/jar,J2EEApplication=null,j2eeType=JACCManager,name=JACCManager did not start.
    The service EJBModule=kms/KMSPlatform-ejb/1.0/jar,J2EEApplication=null,j2eeType=JACCManager,name=JACCManager did not start because Unknown realm: KMSRealm

I am up to my head in frustration. I gave Geronimo a try on a redev of a project, but what took me about half a day to set up on Glassfish has now taken me a week.

Can anyone please help me out, because I really want to have Geronimo's benefits in my applications.

--
Quintin Beukes