Is it possible to use different authentication methods for remote JNDI lookups and EJB calls? I want to publish a kind of service directory in JNDI with a simple authentication against something like application-users.properties. The service itself should use another authentication (e.g. database).
The client is a "classic" standalone swing application and uses the ClientLoginModule to propagate its credentials to the server. The server code is a bunch of EJBs bundled in an EAR.
I can call EJBs but the JNDI lookup always seems to fail. If I disable security for remoting ( <http-connector name="http-remoting-connector" connector-ref="default" /> ) I don't get any useful credentials at all.
My security setup (standalone.xml):
(1) created a security realm "JndiRealm" with properties based authentication/authorization
(2) linked this to the remoting connector:
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="JndiRealm" />
(3) configured ApplicationRealm like so:
<security-realm name="ApplicationRealm">
<authentication>
<jaas name="my-service-domain"/>
</authentication>
</security-realm>
(4) created security-domain "my-service-domain" with Database login module etc.
Server is WildFly 10 CR5.
My questions are:
Is such a scenario even supported and if so, what is missing in my configuration?
If it is not supported: how can I use unsecured JNDI lookups and secured EJB calls?
Maybe I am just doing something horribly wrong.
Thanks for your help.