That doesn't work neither.

If I change my method permission to unchecked that works:

<method-permission><unchecked/><method><ejb-name>com.quatrosi.be.al.AlertService</ejb-name><method-name>*</method-name></method></method-permission>

I don't know what is wrong with my configuration since I'm able to login with the credentials in myapp-users.properties

Dear Eduardo,

actually I haven't tested with your sugestion since I need to learn that API. I'm used to work with SE and I've been doing just little work with EJB.

What I've done was try to lookup EJB in "main" thread of the servlet.

Now I can lookup using java:app namespace, java:app/mod1/com.quatrosi.be.al.AppService!com.quatrosi.be.al.AppServiceHome but failed when invoking create() method with same error.

Other reference that could be interesting is that I can lookup EJB without any credential no JNDI contenxt. So I'm wondering if the problem is related to authentication.

I understand your mention to use EE Concurrency Utilities perfectly. And I can lookup EJB, even in the same thread of the servlet, I only cannot invoke any method in it.

And I can login into app and work without any constraints with EJBs.

Ok let's divide (problems) to conquer

I began to debug into picketbox and I realize that the principal is allways anonymous.

I've seen in some threads to authenticate before lookup EJB using LoginContext (user admin has USRX role)

LoginContext context = new LoginContext("NxGen", new Subject(), new UsernamePasswordCallbackHandler(username, password));

context.login();

And here goes the stacktrace with wildfly 8 with DEBUG level:

11:16:57,211 DEBUG [org.jboss.security] (MSC service thread 1-6) PBOX000292: Insufficient method permissions [principal: null, EJB name: com.quatrosi.be.al.AppService, method: create, interface: Home, required roles: Roles(USERX,), principal roles: Roles(), run-as roles: null]

11:17:07,725 DEBUG [org.jboss.security] (MSC service thread 1-6) PBOX000299: Required module org.jboss.security.authorization.modules.DelegatingAuthorizationModule failed

11:17:07,726 DEBUG [org.jboss.security] (MSC service thread 1-6) PBOX000325: Authorization processing error: org.jboss.security.authorization.AuthorizationException: PBOX000017: Acces denied: authorization failed

  at org.jboss.security.plugins.authorization.JBossAuthorizationContext.invokeAuthorize(JBossAuthorizationContext.java:268) [picketbox-4.0.20.Final.jar:4.0.20.Final]

  at org.jboss.security.plugins.authorization.JBossAuthorizationContext.access$000(JBossAuthorizationContext.java:71) [picketbox-4.0.20.Final.jar:4.0.20.Final]

  at org.jboss.security.plugins.authorization.JBossAuthorizationContext$1.run(JBossAuthorizationContext.java:147) [picketbox-4.0.20.Final.jar:4.0.20.Final]

  at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_17]

  at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:143) [picketbox-4.0.20.Final.jar:4.0.20.Final]

  at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:429) [picketbox-4.0.20.Final.jar:4.0.20.Final]

  at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115) [picketbox-4.0.20.Final.jar:4.0.20.Final]

  at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.authorize(EJBAuthorizationHelper.java:318) [picketbox-4.0.20.Final.jar:4.0.20.Final]

  at org.jboss.as.security.service.SimpleSecurityManager.authorize(SimpleSecurityManager.java:271) [wildfly-security-8.0.0.Final.jar:8.0.0.Final]

  at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:113) [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]

  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

  at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:95) [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]

  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

  at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64) [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]

  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

  at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]

  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

  at org.jboss.as.ejb3.component.interceptors.EjbExceptionTransformingInterceptorFactories$1.processInvocation(EjbExceptionTransformingInterceptorFactories.java:65) [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]

  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

  at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)

  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

  at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:55) [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]

  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

  at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)

  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

  at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:326)

  at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:448)

  at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)

  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

  at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:326)

  at org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)

  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:309)

  at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)

  at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:185)

  at org.jboss.as.ejb3.remote.LocalEjbReceiver.processInvocation(LocalEjbReceiver.java:243) [wildfly-ejb3-8.0.0.Final.jar:8.0.0.Final]

  at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:181) [jboss-ejb-client-2.0.0.Final.jar:2.0.0.Final]

  at org.jboss.ejb.client.EJBObjectInterceptor.handleInvocation(EJBObjectInterceptor.java:58) [jboss-ejb-client-2.0.0.Final.jar:2.0.0.Final]

  at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:183) [jboss-ejb-client-2.0.0.Final.jar:2.0.0.Final]

  at org.jboss.ejb.client.EJBHomeInterceptor.handleInvocation(EJBHomeInterceptor.java:83) [jboss-ejb-client-2.0.0.Final.jar:2.0.0.Final]

  at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:183) [jboss-ejb-client-2.0.0.Final.jar:2.0.0.Final]

  at org.jboss.ejb.client.TransactionInterceptor.handleInvocation(TransactionInterceptor.java:42) [jboss-ejb-client-2.0.0.Final.jar:2.0.0.Final]

  at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:183) [jboss-ejb-client-2.0.0.Final.jar:2.0.0.Final]

  at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:125) [jboss-ejb-client-2.0.0.Final.jar:2.0.0.Final]

  at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:183) [jboss-ejb-client-2.0.0.Final.jar:2.0.0.Final]

  at org.jboss.ejb.client.EJBInvocationHandler.sendRequestWithPossibleRetries(EJBInvocationHandler.java:253) [jboss-ejb-client-2.0.0.Final.jar:2.0.0.Final]

  at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:198) [jboss-ejb-client-2.0.0.Final.jar:2.0.0.Final]

  at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:181) [jboss-ejb-client-2.0.0.Final.jar:2.0.0.Final]

  at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:144) [jboss-ejb-client-2.0.0.Final.jar:2.0.0.Final]

  at com.sun.proxy.$Proxy23.create(Unknown Source)

  at com.quatrosi.servlet.services.NxGenServicesServlet.startService(NxGenServicesServlet.java:151)

  at com.quatrosi.servlet.services.NxGenServicesServlet.startService(NxGenServicesServlet.java:109)

  at com.quatrosi.servlet.services.NxGenServicesServlet.startServices(NxGenServicesServlet.java:86)

  at com.quatrosi.servlet.services.NxGenServicesServlet.init(NxGenServicesServlet.java:45)

  at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:208)

  at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:116)

  at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:496)

  at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:87)

  at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.start(UndertowDeploymentService.java:71)

  at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)

  at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)

  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_17]

  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_17]

  at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_17]

What am I supposed to do or what I'm doing wrong to authenticate an user in wildfly pior to lookup any secured EJB?