I've tried to make a call to a session EJB from an unsiged applet. How-ever, this seems to be impossible.

At first I got the exception

java.security.AccessControlException: access denied (java.lang.RuntimePermission org.jboss.security.SecurityAssociation.getPrincipalInfo)

. This is fixed, by removing all client security checks in conf/standardjboss.xml. However, another exception occurs:

access denied (java.io.SerializablePermission enableSubstitution)

java.security.AccessControlException: access denied (java.io.SerializablePermission enableSubstitution)

 at java.security.AccessControlContext.checkPermission(Unknown Source)

I know this could be fixed by adding an option in the java.polocy file:

 permission java.io.SerializablePermission "enableSubstitution";

But that isn't a soluction, because every client has to do this before it's possible to use the applet :(.

Is there a workaround available, for calling EJB's with applets, without signing the applet, and without adding entries to the java.polocy file? According to this example: http://jboss.sourceforge.net/doc-24/ch11s21.html it was possible in JBoss 2.4; but I cannot get this example working in JBoss 3.2.3.

Thanks very much in advance