1 Reply Latest reply on Jun 27, 2007 11:39 PM by batter

    How to call a secured EJB method from the Service mbean star

    batter

      I added a @RolesAllowed annotation to my EJB.
      I have an MBean (created using the @Service/@management annotations) that wants to call that EJB in its start method and of course gets an authentication exception. From the jmx-console is works fine since I edited the jmx-console security realm.
      Is there some other security realm I need to edit?

      And as an "ps": the method I call is basically to schedule the EJB to be run at certain intervals; now if there are better ways of doing *that*; it would be appreciated.

        • 1. Re: How to call a secured EJB method from the Service mbean
          batter

          So I now *what* caused it but not the *why*. (and maybe this post should go to the security forum but no clue how to X-post here).
          In the ejb jar that I create, I use the security-domain element to specify the security realm I defined. The reason for this was that I had to do that if I wanted to secure ejbs that are called from MBeans. What I saw was that if I defined a user/role in the jmx-console realm, I was able to call ejbs even when that jmx-console role was NOT defined in the EJBs rolesAllowed annotation; it started working correctly after I added the security-domain element to the ejb. Having this in in now, however 'causes the authentication exception during the mbeans start execution. ( the reason I mucking with this is that I don't want people f.e. to use twiddle or like code to call mbeans that they are not allowed
          Now I *guess* that I need to muck around with the client-login realm defined in the login-config.xml

          So much to learn, so little time lol