4 Replies Latest reply on May 24, 2003 3:35 AM by Juha Lindfors

    Authentication exception principal =null when I dont want to

    Rahul Shinde Newbie

      In my ear file I have two jar files with two ejbs - one secure via JAAS and the other unsecured.

      When I call the USecuredEJB's method from my JUnit test case I dont do a loginContext as its unsecured.
      Still I get the exception

      java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
      java.rmi.ServerException: EJBException:; nested exception is:
      javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
      Authentication exception, principal=null

      I tried with and without the following in the ejb-jar.xml file for the UnSecuredEJB:
      <method-permission>


      <ejb-name>UnSecuredEJB</ejb-name>
      <method-name>*</method-name>

      </method-permission>

      In jboss.xml file for this UnSecureEJB
      I tired both
      no security-domain tag and one with <security-domain/>
      Still no change.

      The moment I remove the security from my SecuredEJB (in the other jar file).
      Everything works fine.

      Any ideas how to prevent this from happenning.

      And how can a secured and unsecured EJB co-exist in the same application?
      How a secured and unsecured EJB could co-exist in the same jar file, if its possible with JBoss as its possible in Weblogic?

      Thanks,
      Rahul