2 Replies Latest reply on Jul 30, 2005 11:16 AM by starksm64

Servlet init() calling secured EJBs

sgodden Jul 28, 2005 5:41 AM

I have an app which requires that on system startup, various initialisation is performed, which results a) in system delivered data being created, and b) some utility objects being bound into JNDI.

I am doing this work in the init() method of a servlet which is deployed within my EAR.

Unfortunately, if I secure my EJBs, then the servlet cannot access them, as it runs under a null user principal. Run-as role doesn't help that.

I tried doing an explicit client login to the domain in question within the init() method. The login succeeds, but I still get the same null principal errors when it tries to access the secured EJBs.

Can anyone suggest how I should perform this initialisation in a secured environment? I need to be portable, which is why I have used a servlet init() method up to now.

1. Re: Servlet init() calling secured EJBs

ahardy66 Jul 28, 2005 6:55 AM (in response to sgodden)

"sgodden" wrote:

Unfortunately, if I secure my EJBs, then the servlet cannot access them, as it runs under a null user principal. Run-as role doesn't help that.

Are you sure? From reading the servlet spec just now, run-as seems to be exactly what you need. Do you have the role specified properly in the web.xml? Are you sure your principal is null in the EJB? And are you sure you have specified that that role can use that EJB?
Actions
2. Re: Servlet init() calling secured EJBs

starksm64 Jul 30, 2005 11:16 AM (in response to sgodden)

There is an open bug report that will be fixed for 4.0.3:

http://jira.jboss.com/jira/browse/JBAS-2015
Actions

Go to original post