• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Call secured Remote EJB from WebClient

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I want to access a secured @Remote EJB running on an Glassfish v2 instance from a WebClient (WAR) running on another Glassfish v3 instance.

When not securing the Remote EJB via file-realm basic username/password authentication, access from the WAR is no problem simply using annotations @EJB(mappedName="Location of EJB").

But when the EJB is secured - which is pretty usual as also in my case the two applications are running on different machines - then getting access seems to be quite complicated (or what am I doing wrong?!):
1. is there a way to provide the username and password a) via annotations or b) deployment descriptors?

2. if not, how can one lookup the Remote EJB in the Web Client via InitialContext?! Unfortunately, the FAQ in this respect (https://glassfish.dev.java.net/javaee5/ejb/EJB_FAQ.html) does not says anything on accessing secured EJBs and the solution for properties provided there for standalone apps regarding the EJB lookup do not work:
I tried it this way:
Properties props = new Properties();

props.setProperty("java.naming.factory.initial","com.sun.enterprise.naming.SerialInitContextFactory");
props.setProperty("java.naming.factory.url.pkgs","com.sun.enterprise.naming");
props.setProperty("java.naming.factory.state","com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl");
props.setProperty("org.omg.CORBA.ORBInitialHost", "localhost");
props.setProperty("org.omg.CORBA.ORBInitialPort", "3700");
props.put("java.naming.security.principal", "username");
props.put("java.naming.security.credentials", "password");

ic = new InitialContext(props);

myBean = (MyBean) ic.lookup("ejb/MyBean");

but I get the following error:
javax.naming.NoInitialContextException: Cannot instantiate class: com.sun.enterprise.naming.SerialInitContextFactory [Root exception is java.lang.ClassNotFoundException: com.sun.enterprise.naming.SerialInitContextFactory]
at com.sun.enterprise.naming.GlassFishNamingBuilder.createInitialContextFactory(GlassFishNamingBuilder.java:100)

3. I also tried adding a security constraint (basic authentication with username and password) to the web client hoping the security identity is propagated to the Remote EJB, but that failed also with the exception (although I am not using the RunAs annotation):
iiop.secmechanism_exception
com.sun.enterprise.iiop.security.SecurityMechanismException: Cannot propagate username/password required by target when using run as identity
at com.sun.enterprise.iiop.security.SecurityMechanismSelector.propagateIdentity(SecurityMechanismSelector.java:641)


Can anyone help on this issue?
It can't be so complicated to just call a secured remote EJB from a web client, I think that this is a very common scenario! What am I doing wrong?
Thanks a lot!
 
reply
    Bookmark Topic Watch Topic
  • New Topic