0 Replies Latest reply on Sep 21, 2004 1:03 PM by joe_the_quick

    Calling a stateless EJB using RMI - Security Considerations

    joe_the_quick Newbie

      ISSUE DESCRIPTION:
      I'm calling a stateless EJB using RMI from a non-managed environment (java program).

      The first issue I raised was:
      java.security.AccessControlException: access denied (java.lang.RuntimePermission org.jboss.security.SecurityAssociation.getPrincipalInfo)

      I've researched this forum and found the solution to disable the SecurityInterceptors (Home + Bean) in conf/standardjboss.xml.

      The second issue raised was an exception at the client side:
      java.security.AccessControlException: access denied (java.io.SerializablePermission enableSubstitution)

      This one has been removed by editing the java.policy file and adding:
      grant {
      permission java.io.SerializablePermission "enableSubstitution";
      };

      QUESTION:
      Is there another way but disabling the SecurityInterceptors? (I've found some hints regarding writing LoginModules, but no code sample for it)

      thx alot
      Johannes