1 2 Previous Next 16 Replies Latest reply on Apr 12, 2013 7:00 AM by sae_stahlgruber

    EJB remote call does not propagate security principal

    Dirk Weil Newbie

      I'm trying to call an EJB from a remote client and pass a user name with the call. I am able to invoke the ejb methods, but the user name passed is lost and replaced by $local. From various posts and some few word in the guides I guess, that I am trapped by some mysterious local authentication mechanism.


      I'm using JBoss 7.1.1.Final out-of-the-box, i.e. without any modifications of standalone.xml with regard to security. The ejb is called via the remote: protocol and userid and password are passed as properties when initializing the JNDI context.


      But after that I'm completely lost with security configuration. What is the proposed security configuration for ejb remote call?


      a) Should you stay with ApplicationRealm or are you supposed to create a different realm for every application? If so, how do you specify the reals to use on client side?


      b) What is the relationship of security realms and security domains? Remote calls work with Application Realm, but security is enabled by specifiing a security domain. How does that work together?


      c) Are there some magic properties to pass from client to server to enable security principal propagation?


      d) Does ejb security work in WAR/EAR deployments only or can you use EJB-JAR files as well?


      Is there any working sample to steal from?


      Thanks in advance


        1 2 Previous Next