-
1. Re: ERROR [SecurityInterceptor] Authentication exception, pr
lmagee Oct 7, 2002 8:59 PM (in response to logontojboss)This is a common problem. You are using an EJB to authenticate, however when you have a security domain configured for your app the EJB itself must be authenticated (Catch 22). You have 2 options:
1. Don't use a Session bean for authenticatation, rather authenticate directly from the client.
2. (More complex) Create a separate .jar file in your application which has the authenticating Session bean. In the included jboss.xml for this jar, DO NOT specify a security domain. This EJB will not be required to authenticate, therefore you will not get the error you received below. Your other EJB's will still be authenticated correctly.
The second approach will complicate your build & deployment scenario, but will work. -
2. Re: ERROR [SecurityInterceptor] Authentication exception, pr
logontojboss Oct 8, 2002 4:00 AM (in response to logontojboss)thanks Imagee
i had tested the fisrt option and it realy works.
but for the second i did tried with ur suggestion but still i am facing an Error insufficient menthod premission principal=null method=create principalroles=[] ..
in my ejb-jar i had given <role-name> as everyone
and nothing is there at web.xml could that be cause of the problem. -
3. Re: ERROR [SecurityInterceptor] Authentication exception, pr
lucas3 Oct 8, 2002 12:49 PM (in response to logontojboss)I use the second approch. The "client session bean" is used for server side authentication and it is not under any securitu domain. it works
-
4. Re: ERROR [SecurityInterceptor] Authentication exception, pr
lmagee Oct 8, 2002 1:11 PM (in response to logontojboss)In the ejb-jar.xml file of the UNSECURED jar (containing the authenticating Session bean), remove any references to role names, as the purpose here is to ensure no authentication takes place prior to the EJB's methods being invoked.
Regards,
Liam.