13 Replies Latest reply on Nov 29, 2012 11:06 AM by thealey

    JBoss AS 7.1.2 - Trouble getting Remote EJB calls to work - anonymous login doesn't have the role need to authorize

      Here is the error:

           [java] blah.blah.exception.AuthorizationException: Authorization failed: anonymous does not have role Admin Reader User

           [java]           at blah.blah.blah.session.base.BeanBase.callerMustHaveRole(BeanBase.java:81)

           [java] error getting admin user:blah.blah.exception.AuthorizationException: Authorization failed: anonymous does not have role Admin Reader User


      We appear to have everything set up the way it should be to get Remote EJB calls to work, but even though it appears the container knows the principal and roles of that principal it is not passing that information to the bean so our attempts to call the bean are failing with an Authorization error "anonymous does not have role <Insert our rolename>...". It is critical we move forward here, can anyone help?
      I am logging in with admin2.
      Here is an example of our annotations for security and we use xdoclet to generate the proxies, local and localhome interfaces.
      /**
      * @ejb.bean type="Stateless" transaction-type="Bean" view-type="both" jndi-name="${product}AdminManagement"
      * @ejb.permission unchecked="false"
      * @blah.ejb business-interface="blah.blah.blah.business.AdminManagementMethods"
      * @SecurityDomain("EJBRealm1")
      */
      Here is our role checking function - it is custom as at one point we thought this was a better way to go.
      protected void callerMustHaveRole(String login, Integer roleId) throws SystemException {
          UsersDataAccessor accessor = null;
          try {
              accessor = Accessor.getUsersDataAccessor();
              // checks the roles table - the problem here is that the login is anonymous
              if (!accessor.loginHasRole(login, roleId)) {
                  // Throwing AuthorizationException subclass of SystemException does not result in a runtime error.
                  throw new AuthorizationException(makeAuthorizionError(login, roleId));
              }
          } finally {
              Accessor.disposeUsersDataAccessor(accessor);
          }
      }
      the jboss-ejb-client.properties file is

      endpoint.name=client-endpoint
      remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
      remote.connections=default
      remote.connection.default.host=localhost
      remote.connection.default.port = 24447
      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=true
      remote.connection.default.username=guest
      remote.connection.default.password=guest

      security realm:

      <security-realm name="EJBRealm1">
          <authentication>
              <jaas name="career"/>
          </authentication>
      </security-realm>

      Here is the security domain definition:

      <security-domain name="career" cache-type="default">
          <authentication>
              <login-module code="blah.blah.jboss.authentication.DardenDatabaseLoginModule" module="tapestry" flag="sufficient">
                  <module-option name="dsJndiName" value="java:/StudentDS"/>
                  <module-option name="principalsQuery" value="select password from Users where login=?"/>
                  <module-option name="rolesQuery" value="SELECT Roles.role_name, 'Roles' FROM Users INNER JOIN Users_Roles ON Users.user_id = Users_Roles.user_id INNER JOIN Roles ON Users_Roles.role_id = Roles.role_id where Users.login = ? AND (Users.access_denied IS NULL OR Users.access_denied = 0)"/>
                  <module-option name="hashUserPassword" value="true"/>
                  <module-option name="unauthenticatedIdentity" value="nobody"/>
                  <module-option name="password-stacking" value="useFirstPass"/>
              </login-module>
          </authentication>
      </security-domain>

      remoting:

      <connector name="remoting-connector-career" socket-binding="remoting-career" security-realm="EJBRealm1"/>

      Socket binding:

      <socket-binding name="remoting-career" port="24447"/>

      The log is:

      13:59:13,706 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015951: Admin console listening on http://127.0.0.1:9990

      13:59:13,708 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015874: JBoss EAP 6.0.0.GA (AS 7.1.2.Final-redhat-1) started in 13418ms - Started 2103 of 2196 services (89 services are passive or on-demand)

      13:59:32,330 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-1) Begin isValid, principal:admin2, cache entry: null

      13:59:32,336 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-1) defaultLogin, principal=admin2

      13:59:32,338 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "blah-mb-pro" task-1) Begin getAppConfigurationEntry(career), size=6

      13:59:32,350 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "blah-mb-pro" task-1) End getAppConfigurationEntry(career), authInfo=AppConfigurationEntry[]:

      [0]

      LoginModule Class: blah.blah.jboss.authentication.BlahDatabaseLoginModule

      ControlFlag: LoginModuleControlFlag: sufficient

      Options:

      name=hashUserPassword, value=true

      name=principalsQuery, value=select password from Users where login=?

      name=unauthenticatedIdentity, value=nobody

      name=dsJndiName, value=java:/StudentDS

      name=password-stacking, value=useFirstPass

      name=rolesQuery, value=SELECT Roles.role_name, 'Roles' FROM Users INNER JOIN Users_Roles ON Users.user_id = Users_Roles.user_id INNER JOIN Roles ON Users_Roles.role_id = Roles.role_id where Users.login = ? AND (Users.access_denied IS NULL OR Users.access_denied = 0)

       

       

      13:59:32,452 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-1) defaultLogin, lc=javax.security.auth.login.LoginContext@5cbaa656, subject=Subject(1170799313).principals=org.jboss.security.SimplePrincipal@1557271138(admin2)org.jboss.security.SimpleGroup@1214619182(CallerPrincipal(members:admin2))org.jboss.security.SimpleGroup@1214619182(Roles(members:StudentCoreEditor,CareerAdminGeneral,CareerAdminReader,CareerScheduleAdmin,ContactManager,dev,CareerResourceEditor,AdminStudentManager,CareerCounselor,CareerAdminSuper,JobOfferManager))

      13:59:32,453 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-1) updateCache, inputSubject=Subject(1170799313).principals=org.jboss.security.SimplePrincipal@1557271138(admin2)org.jboss.security.SimpleGroup@1214619182(CallerPrincipal(members:admin2))org.jboss.security.SimpleGroup@1214619182(Roles(members:StudentCoreEditor,CareerAdminGeneral,CareerAdminReader,CareerScheduleAdmin,ContactManager,dev,CareerResourceEditor,AdminStudentManager,CareerCounselor,CareerAdminSuper,JobOfferManager)), cacheSubject=Subject(972328005).principals=org.jboss.security.SimplePrincipal@1557271138(admin2)org.jboss.security.SimpleGroup@1214619182(CallerPrincipal(members:admin2))org.jboss.security.SimpleGroup@1214619182(Roles(members:StudentCoreEditor,CareerAdminGeneral,CareerAdminReader,CareerScheduleAdmin,ContactManager,dev,CareerResourceEditor,AdminStudentManager,CareerCounselor,CareerAdminSuper,JobOfferManager))

      13:59:32,454 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-1) Inserted cache info: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@68cef11c

      13:59:32,455 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-1) End isValid, true

      13:59:32,571 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-4) Begin isValid, principal:guest, cache entry: null

      13:59:32,571 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-4) defaultLogin, principal=guest

      13:59:32,572 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "healeyt-mb-pro" task-4) Begin getAppConfigurationEntry(career), size=6

      13:59:32,572 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "healeyt-mb-pro" task-4) End getAppConfigurationEntry(career), authInfo=AppConfigurationEntry[]:

      [0]

      LoginModule Class: blah.blah.jboss.authentication.BlahDatabaseLoginModule

      ControlFlag: LoginModuleControlFlag: sufficient

      Options:

      name=hashUserPassword, value=true

      name=principalsQuery, value=select password from Users where login=?

      name=unauthenticatedIdentity, value=nobody

      name=dsJndiName, value=java:/StudentDS

      name=password-stacking, value=useFirstPass

      name=rolesQuery, value=SELECT Roles.role_name, 'Roles' FROM Users INNER JOIN Users_Roles ON Users.user_id = Users_Roles.user_id INNER JOIN Roles ON Users_Roles.role_id = Roles.role_id where Users.login = ? AND (Users.access_denied IS NULL OR Users.access_denied = 0)

       

       

      13:59:32,579 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-4) defaultLogin, lc=javax.security.auth.login.LoginContext@3675c9a2, subject=Subject(1862846108).principals=org.jboss.security.SimplePrincipal@1557271138(guest)org.jboss.security.SimpleGroup@1214619182(CallerPrincipal(members:guest))org.jboss.security.SimpleGroup@1214619182(Roles(members))

      13:59:32,579 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-4) updateCache, inputSubject=Subject(1862846108).principals=org.jboss.security.SimplePrincipal@1557271138(guest)org.jboss.security.SimpleGroup@1214619182(CallerPrincipal(members:guest))org.jboss.security.SimpleGroup@1214619182(Roles(members)), cacheSubject=Subject(690447543).principals=org.jboss.security.SimplePrincipal@1557271138(guest)org.jboss.security.SimpleGroup@1214619182(CallerPrincipal(members:guest))org.jboss.security.SimpleGroup@1214619182(Roles(members))

      13:59:32,579 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-4) Inserted cache info: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@59453f7c

      13:59:32,579 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-4) End isValid, true

      13:59:32,741 INFO  [org.jboss.ejb.client] (pool-4-thread-1) JBoss EJB Client version 1.0.10.Final-redhat-1

       

       

      Notice that admin2 is authenticated and looks to be authorized but notice also that guest also looks to be authenticated and authorized.

       

       

      So the problem is that the principal "admin2" is not getting to our callerMustHaveRole function even though the container knows about it and its roles.


       

      What other parts of my standalone.xml can be helpful?
      What other info can I provide to help?

      Help please.

        • 1. Re: JBoss AS 7.1.2 - Trouble getting Remote EJB calls to work - anonymous login doesn't have the role need to authorize
          jaikiran

          You are missing the "Remoting" login module in your "career" security domain configuration. See this for details https://docs.jboss.org/author/display/AS71/Admin+Guide#AdminGuide-othersecuritydomain

          1 of 1 people found this helpful
          • 2. Re: JBoss AS 7.1.2 - Trouble getting Remote EJB calls to work - anonymous login doesn't have the role need to authorize

            Jaikiran,

            Thank you for your quick response. However, the result is the same, although as you will see in the log it is at least calling the remoting module.

             

            Here is the change to standalone

            <security-domain name="career" cache-type="default">
                <authentication>
                    <login-module code="Remoting" flag="sufficient">
                        <module-option name="password-stacking" value="useFirstPass"/>
                    </login-module>
                    <login-module code="edu.darden.jboss.authentication.DardenDatabaseLoginModule" module="tapestry" flag="sufficient">
                        <module-option name="dsJndiName" value="java:/StudentDS"/>
                        <module-option name="principalsQuery" value="select password from Users where login=?"/>
                        <module-option name="rolesQuery" value="SELECT Roles.role_name, 'Roles' FROM Users INNER JOIN Users_Roles ON Users.user_id = Users_Roles.user_id INNER JOIN Roles ON Users_Roles.role_id = Roles.role_id where Users.login = ? AND (Users.access_denied IS NULL OR Users.access_denied = 0)"/>
                        <module-option name="hashUserPassword" value="true"/>
                        <module-option name="unauthenticatedIdentity" value="nobody"/>
                        <module-option name="password-stacking" value="useFirstPass"/>
                    </login-module>
                </authentication>
            </security-domain>

            09:20:28,028 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-1) Begin isValid, principal:admin2, cache entry: null



            09:20:28,031 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-1) defaultLogin, principal=admin2



            09:20:28,032 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "blah-mb-pro" task-1) Begin getAppConfigurationEntry(career), size=6



            09:20:28,038 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "blah-mb-pro" task-1) End getAppConfigurationEntry(career), authInfo=AppConfigurationEntry[]:



            [0]



            LoginModule Class: org.jboss.as.security.remoting.RemotingLoginModule



            ControlFlag: LoginModuleControlFlag: optional



            Options:



            name=password-stacking, value=useFirstPass



            [1]



            LoginModule Class: blah.blah.jboss.authentication.DardenDatabaseLoginModule



            ControlFlag: LoginModuleControlFlag: sufficient



            Options:



            name=hashUserPassword, value=true



            name=principalsQuery, value=select password from Users where login=?



            name=unauthenticatedIdentity, value=nobody



            name=dsJndiName, value=java:/StudentDS



            name=password-stacking, value=useFirstPass



            name=rolesQuery, value=SELECT Roles.role_name, 'Roles' FROM Users INNER JOIN Users_Roles ON Users.user_id = Users_Roles.user_id INNER JOIN Roles ON Users_Roles.role_id = Roles.role_id where Users.login = ? AND (Users.access_denied IS NULL OR Users.access_denied = 0)

             

             




            09:20:28,131 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-1) defaultLogin, lc=javax.security.auth.login.LoginContext@386c0ce, subject=Subject(252688245).principals=org.jboss.security.SimplePrincipal@2027761752(admin2)org.jboss.security.SimpleGroup@1121076758(CallerPrincipal(members:admin2))org.jboss.security.SimpleGroup@1121076758(Roles(members:StudentCoreEditor,CareerAdminGeneral,CareerAdminReader,CareerScheduleAdmin,ContactManager,dev,CareerResourceEditor,AdminStudentManager,CareerCounselor,CareerAdminSuper,JobOfferManager))



            09:20:28,133 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-1) updateCache, inputSubject=Subject(252688245).principals=org.jboss.security.SimplePrincipal@2027761752(admin2)org.jboss.security.SimpleGroup@1121076758(CallerPrincipal(members:admin2))org.jboss.security.SimpleGroup@1121076758(Roles(members:StudentCoreEditor,CareerAdminGeneral,CareerAdminReader,CareerScheduleAdmin,ContactManager,dev,CareerResourceEditor,AdminStudentManager,CareerCounselor,CareerAdminSuper,JobOfferManager)), cacheSubject=Subject(493970471).principals=org.jboss.security.SimplePrincipal@2027761752(admin2)org.jboss.security.SimpleGroup@1121076758(CallerPrincipal(members:admin2))org.jboss.security.SimpleGroup@1121076758(Roles(members:StudentCoreEditor,CareerAdminGeneral,CareerAdminReader,CareerScheduleAdmin,ContactManager,dev,CareerResourceEditor,AdminStudentManager,CareerCounselor,CareerAdminSuper,JobOfferManager))



            09:20:28,133 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-1) Inserted cache info: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@333bd604



            09:20:28,134 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-1) End isValid, true



            09:20:28,266 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-4) Begin isValid, principal:guest, cache entry: null



            09:20:28,266 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-4) defaultLogin, principal=guest



            09:20:28,266 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "blah-mb-pro" task-4) Begin getAppConfigurationEntry(career), size=6



            09:20:28,266 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (Remoting "blah-mb-pro" task-4) End getAppConfigurationEntry(career), authInfo=AppConfigurationEntry[]:



            [0]



            LoginModule Class: org.jboss.as.security.remoting.RemotingLoginModule



            ControlFlag: LoginModuleControlFlag: optional



            Options:



            name=password-stacking, value=useFirstPass



            [1]



            LoginModule Class: blah.blah.jboss.authentication.DardenDatabaseLoginModule



            ControlFlag: LoginModuleControlFlag: sufficient



            Options:



            name=hashUserPassword, value=true



            name=principalsQuery, value=select password from Users where login=?



            name=unauthenticatedIdentity, value=nobody



            name=dsJndiName, value=java:/StudentDS



            name=password-stacking, value=useFirstPass



            name=rolesQuery, value=SELECT Roles.role_name, 'Roles' FROM Users INNER JOIN Users_Roles ON Users.user_id = Users_Roles.user_id INNER JOIN Roles ON Users_Roles.role_id = Roles.role_id where Users.login = ? AND (Users.access_denied IS NULL OR Users.access_denied = 0)

             

             




            09:20:28,273 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-4) defaultLogin, lc=javax.security.auth.login.LoginContext@1bef829c, subject=Subject(157802008).principals=org.jboss.security.SimplePrincipal@2027761752(guest)org.jboss.security.SimpleGroup@1121076758(CallerPrincipal(members:guest))org.jboss.security.SimpleGroup@1121076758(Roles(members))



            09:20:28,273 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-4) updateCache, inputSubject=Subject(157802008).principals=org.jboss.security.SimplePrincipal@2027761752(guest)org.jboss.security.SimpleGroup@1121076758(CallerPrincipal(members:guest))org.jboss.security.SimpleGroup@1121076758(Roles(members)), cacheSubject=Subject(36044411).principals=org.jboss.security.SimplePrincipal@2027761752(guest)org.jboss.security.SimpleGroup@1121076758(CallerPrincipal(members:guest))org.jboss.security.SimpleGroup@1121076758(Roles(members))



            09:20:28,273 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-4) Inserted cache info: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@c663e57



            09:20:28,273 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Remoting "blah-mb-pro" task-4) End isValid, true



            09:20:28,468 INFO  [org.jboss.ejb.client] (pool-4-thread-1) JBoss EJB Client version 1.0.10.Final-redhat-1



            09:20:28,621 INFO  [org.jboss.as.naming] (Remoting "blah-mb-pro" task-4) JBAS011806: Channel end notification received, closing channel Channel ID 06b9e0e9 (inbound) of Remoting connection 6e11f30f to /127.0.0.1:60101

            Any other thoughts?

            • 3. Re: JBoss AS 7.1.2 - Trouble getting Remote EJB calls to work - anonymous login doesn't have the role need to authorize

              Bump.

              • 4. Re: JBoss AS 7.1.2 - Trouble getting Remote EJB calls to work - anonymous login doesn't have the role need to authorize
                pweldon

                Tom Healey wrote:

                * @SecurityDomain("EJBRealm1")

                 

                You most probably need @SecurityDomain("career") here.

                1 of 1 people found this helpful
                • 5. Re: JBoss AS 7.1.2 - Trouble getting Remote EJB calls to work - anonymous login doesn't have the role need to authorize

                  I did change the SecurityDomain to career since that is the security-domain defined in the standalone.xml. It didn't work though. I am confused why the remoting asks for the security-realm. Still baffling to me.

                  Thanks for responding.

                  Tom

                  • 6. Re: JBoss AS 7.1.2 - Trouble getting Remote EJB calls to work - anonymous login doesn't have the role need to authorize
                    pweldon

                    How does the code that calls callerMustHaveRole determine the current caller? javax.ejb.SessionContext.getCallerPrincipal?

                    When you say the current login is anonymous do you mean it is the unauthenticated identity ('nobody') configured in your custom login module (DardenDatabaseLoginModule) or in fact 'anonymous'?

                    • 7. Re: JBoss AS 7.1.2 - Trouble getting Remote EJB calls to work - anonymous login doesn't have the role need to authorize

                      >How does the code that calls callerMustHaveRole determine the current caller? javax.ejb.SessionContext.getCallerPrincipal

                      Yes.

                      >When you say the current login is anonymous do you mean it is the unauthenticated identity ('nobody') configured in your custom login module (DardenDatabaseLoginModule) or in fact 'anonymous'?

                      Yes. anonymous

                      Thanks,

                      Tom


                      • 8. Re: JBoss AS 7.1.2 - Trouble getting Remote EJB calls to work - anonymous login doesn't have the role need to authorize
                        pweldon

                        If the bean has no security domain associated with it, the caller principal would be 'anonymous', even if the remoting connection was authenticated. To confirm or deny this check the logs for messages like this:

                        DEBUG [org.jboss.as.ejb3] (MSC service thread 1-3) Security is *not* enabled on EJB: ##bad-bean-name##, no security interceptors will apply

                        DEBUG [org.jboss.as.ejb3] (MSC service thread 1-3) EJB ##good-bean-name## is part of security domain career
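
The log check suggested in reply 8, as an added example that is not part of the original thread: it scans server log lines for the two `org.jboss.as.ejb3` DEBUG messages quoted above and reports every EJB deployed without a security domain or bound to an unexpected one. It assumes DEBUG logging is enabled for `org.jboss.as.ejb3`; the sample lines are constructed, and the bean name `ReportManagement` and the domain `other` are illustrative.

```python
import re
from typing import Dict, Iterable, List, Optional

# The two org.jboss.as.ejb3 DEBUG messages quoted in the reply above.
UNSECURED_RE = re.compile(r"Security is \*not\* enabled on EJB: (?P<bean>[^,\s]+),")
SECURED_RE = re.compile(r"EJB (?P<bean>\S+) is part of security domain (?P<domain>\S+)")


def bean_security_domains(lines: Iterable[str]) -> Dict[str, Optional[str]]:
    """Map each EJB name to its security domain, or None when security is off.

    Later lines overwrite earlier ones, so a redeploy that fixes (or breaks)
    a bean is reflected in the final state.
    """
    state: Dict[str, Optional[str]] = {}
    for line in lines:
        if "[org.jboss.as.ejb3]" not in line:
            continue
        unsecured = UNSECURED_RE.search(line)
        if unsecured:
            state[unsecured.group("bean")] = None
            continue
        secured = SECURED_RE.search(line)
        if secured:
            state[secured.group("bean")] = secured.group("domain")
    return state


def audit(lines: Iterable[str], expected_domain: str) -> List[str]:
    """Return one finding per bean that is unsecured or in the wrong domain."""
    findings = []
    for bean, domain in sorted(bean_security_domains(lines).items()):
        if domain is None:
            findings.append(f"{bean}: no security domain, caller principal will be anonymous")
        elif domain != expected_domain:
            findings.append(f"{bean}: bound to '{domain}', expected '{expected_domain}'")
    return findings


# Constructed sample lines in the format shown in this thread.
FIRST_DEPLOY = [
    "11:05:38,269 DEBUG [org.jboss.as.security] (MSC service thread 1-5) Starting SecurityDomainService(career)",
    "11:05:47,740 DEBUG [org.jboss.as.ejb3] (MSC service thread 1-5) Security is *not* enabled on EJB: AdminManagement, no security interceptors will apply",
    "11:05:47,802 DEBUG [org.jboss.as.ejb3] (MSC service thread 1-3) EJB ReportManagement is part of security domain other",
]
# Same log after a redeploy in which AdminManagement picked up its domain.
REDEPLOY = FIRST_DEPLOY + [
    "11:42:10,115 DEBUG [org.jboss.as.ejb3] (MSC service thread 1-2) EJB AdminManagement is part of security domain career",
]

if __name__ == "__main__":
    for finding in audit(FIRST_DEPLOY, "career"):
        print(finding)
```
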

                        • 9. Re: JBoss AS 7.1.2 - Trouble getting Remote EJB calls to work - anonymous login doesn't have the role need to authorize

                          pweldon,

                          Thanks! I have been unable to get back to this until now and your idea is a big clue.

                          So I googled:

                          Security is *not* enabled on EJB beans JBoss 7 and got a bunch of results but in the interest of time, I was wondering if you could point me in the direction I need to go to get the answer if you don't have the time to answer it yourself. Thanks again. Your answer was helpful.

                           

                          I looked at this

                          https://community.jboss.org/wiki/JBossAS7SecurityEJB3Security

                           

                          But it appears we are doing what the article suggests.

                          We have this in our jboss.xml

                          <security-domain>java:/jaas/career</security-domain>

                          and

                          <assembly-descriptor>
                              <s:security>
                                  <ejb-name>*</ejb-name>
                                  <s:security-domain>career</s:security-domain>
                              </s:security>
                          </assembly-descriptor>

                          in jboss-ejb3.xml

                           

                          Also,

                          this morning I figured out that we weren't really using annotations.

                          I imported

                          org.jboss.ejb3.annotation.SecurityDomain;

                           

                           

                           

                          and then defined

                           

                          @SecurityDomain("career")

                           

                          and it still doesn't work. Meaning, I still get

                          11:05:47,740 DEBUG [org.jboss.as.ejb3] (MSC service thread 1-5) Security is *not* enabled on EJB: AdminManagement, no security interceptors will apply


                          And for clarity career domain does seem to be set up.

                          11:05:38,269 DEBUG [org.jboss.as.security] (MSC service thread 1-5) Starting SecurityDomainService(career)

                          11:05:38,278 DEBUG [org.jboss.as.security] (MSC service thread 1-5) Creating SDC for domain=career

                           

                          Is there another way we can test that the annotation and/or XML is set up correctly?



                          Thanks,

                          Tom

                           

                          Message was edited by: Tom Healey

                          • 10. Re: JBoss AS 7.1.2 - Trouble getting Remote EJB calls to work - anonymous login doesn't have the role need to authorize
                            pweldon

                            Using the annotation (org.jboss.ejb3.annotation.SecurityDomain) or the xml in jboss-ejb3.xml should work, pick one. I would try the xml to start as this would not involve xdoclet. If jboss still logs that the ejb does not have security enabled, there is most likely a problem with the jboss-ejb3.xml. Make sure it is in the right location, and make sure it is being parsed by jboss. To confirm this put a syntax error in the security tag, and deploy your application, and scan the logs for the error that should occur while parsing the xml file.

                             

                            jboss.xml is not used by jboss7, as far as I know.

                             

                            HTH

                            • 11. Re: JBoss AS 7.1.2 - Trouble getting Remote EJB calls to work - anonymous login doesn't have the role need to authorize

                              pweldon,

                              Putting jboss-ejb3.xml in the META-INF dir of the ejb.jar file fixed the problem. Sort of. I had to put another username and password in the jboss-ejb-client.properties as well as putting the xml file in the right place. I need to find a way to pass the currently logged in user across the wire.

                              Thanks! Getting closer...

                              Tom
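
A packaging check for the fix described in replies 10 and 11, as an added example that is not part of the original thread: it opens an EJB jar, confirms that `jboss-ejb3.xml` sits at `META-INF/jboss-ejb3.xml`, confirms that it parses, and lists which `ejb-name` is bound to which `security-domain`. The namespace URIs in the sample descriptor are assumptions (the thread shows only the `s:` prefix), so elements are matched by local name; the sample jars are constructed in memory.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

DESCRIPTOR = "META-INF/jboss-ejb3.xml"


def local_name(tag: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def check_ejb_jar(jar_bytes: bytes) -> dict:
    """Report where jboss-ejb3.xml lives in the jar and what it binds."""
    report = {"descriptor_found": False, "misplaced": [], "domains": {}, "problems": []}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
        # Copies of the descriptor anywhere other than META-INF/.
        report["misplaced"] = [n for n in names
                               if n.rsplit("/", 1)[-1] == "jboss-ejb3.xml" and n != DESCRIPTOR]
        if DESCRIPTOR not in names:
            report["problems"].append(f"{DESCRIPTOR} is missing from the jar")
            return report
        report["descriptor_found"] = True
        raw = jar.read(DESCRIPTOR)
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        report["problems"].append(f"{DESCRIPTOR} is not well-formed: {exc}")
        return report
    for element in root.iter():
        if local_name(element.tag) != "security":
            continue
        fields = {local_name(child.tag): (child.text or "").strip() for child in element}
        if fields.get("ejb-name") and fields.get("security-domain"):
            report["domains"][fields["ejb-name"]] = fields["security-domain"]
    if not report["domains"]:
        report["problems"].append("no <security> entry binds an ejb-name to a security-domain")
    return report


def build_jar(entries: dict) -> bytes:
    """Build an in-memory jar from {entry name: text}; used for the samples."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as jar:
        for name, content in entries.items():
            jar.writestr(name, content)
    return buffer.getvalue()


# Constructed descriptor wrapping the <assembly-descriptor> posted in reply 9.
# The root element and xmlns values are assumptions, not taken from the thread.
SAMPLE_DESCRIPTOR = """<?xml version="1.0" encoding="UTF-8"?>
<jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
               xmlns="http://java.sun.com/xml/ns/javaee"
               xmlns:s="urn:security">
  <assembly-descriptor>
    <s:security>
      <ejb-name>*</ejb-name>
      <s:security-domain>career</s:security-domain>
    </s:security>
  </assembly-descriptor>
</jboss:ejb-jar>
"""

if __name__ == "__main__":
    print(check_ejb_jar(build_jar({DESCRIPTOR: SAMPLE_DESCRIPTOR})))
    print(check_ejb_jar(build_jar({"jboss-ejb3.xml": SAMPLE_DESCRIPTOR})))
```
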

                              • 12. Re: JBoss AS 7.1.2 - Trouble getting Remote EJB calls to work - anonymous login doesn't have the role need to authorize
                                pweldon

                                I found this helpful when getting a non-property based client config going:

                                https://community.jboss.org/message/647202#647202

                                 

                                Instead of specifying the user/password in the config, there is also the callback option which I have used successfully:

                                https://community.jboss.org/message/719541#719541

                                • 13. Re: JBoss AS 7.1.2 - Trouble getting Remote EJB calls to work - anonymous login doesn't have the role need to authorize

                                  pweldon,

                                  Thank you soooo much. Sorry for the excessive "o"'s but your help got us over the hump. Please post back here if I can help you in any way.