My oh my this week has given me headaches. I went through hundreds of lines of code for both geronimo and OpenEJB, and I can't seem to figure out why this isn't working. From what I've found on the internet it should work (unless I'm missing something).

OK. So I have this EJB:

@Stateless
@DeclareRoles( { "Admin" })
@RolesAllowed( { "Admin" })
public class TestBean implements TestRemote, TestLocal
{
  @Resource
  private SessionContext sessionCtx;
 
  public String getInfo()
  {
    Principal p = sessionCtx.getCallerPrincipal();
    StringBuilder sb = new StringBuilder();
    sb.append("\n").append("Principal: " + p.getName() + " - type: " + p.getClass().getCanonicalName());
    return sb.toString();
  }
}

getInfo() is a Remote method.

Then it's deploy plan contains:
   <security doas-current-called="true" default-role="Admin">

   </security>

And I do a remote lookup as follows:

    Properties p = new Properties();
    p.put("java.naming.factory.initial", "org.apache.openejb.client.RemoteInitialContextFactory");
    p.put("java.naming.provider.url", "ejbd://localhost:4201");
    // user and pass optional
    p.put("openejb.authentication.realmName", "KMSRealm");
    p.put("java.naming.security.principal", "quintin");
    p.put("java.naming.security.credentials", "pass");

    InitialContext ctx = new InitialContext(p);

    TestRemote myBean = (TestRemote) ctx.lookup("TestBeanRemote");
    String info = myBean.getInfo();

When I run the code I get an: Exception in thread "main" javax.ejb.EJBAccessException: Unauthorized Access by Principal Denied

So, I remove the security definitions from the EJB and it's deploy plan, the method executes, and the Principal it returns is UnauthenticatedPrincipal.

KMSRealm is a server wide SQLLoginModule realm defined in the geronimo console. I know the login works, because changing the InitialContext credentials causes the login to fail. So all this works.

I am basically trying to login via EJB, and then be able to do two things (1) define authorizations on the EJBs/methods (2) Retrieve the Subject/Principal. Both of these are very important.

I've also tried replacing my <security> element in the deploy plan to this:
   <security>
      <default-subject>
         <realm>KMSRealm</realm>
         <id>quintin</id>
      </default-subject>>
   </security>

But then I get the following when deploying:
    Error: Operation failed: start of kms/KMSPlatform-ejb/1.0/jar failed

            Unknown start exception

            Configuration kms/KMSPlatform-ejb/1.0/jar failed to start due to
    the following reasons:

      The service
    EJBModule=kms/KMSPlatform-ejb/1.0/jar,J2EEApplication=null,j2eeType=StatelessSessionBean,name=PersonnelBean
    did not start because
    kms/KMSPlatform-ejb/1.0/jar?EJBModule=kms/KMSPlatform-ejb/1.0/jar,J2EEApplication=null,j2eeType=JACCManager,name=JACCManager
    did not start.

      The service
    EJBModule=kms/KMSPlatform-ejb/1.0/jar,J2EEApplication=null,j2eeType=StatelessSessionBean,name=TestBean
    did not start because
    kms/KMSPlatform-ejb/1.0/jar?EJBModule=kms/KMSPlatform-ejb/1.0/jar,J2EEApplication=null,j2eeType=JACCManager,name=JACCManager
    did not start.

      The service
    EJBModule=kms/KMSPlatform-ejb/1.0/jar,J2EEApplication=null,j2eeType=JACCManager,name=JACCManager
    did not start because Unknown realm: KMSRealm

I am up to my head in frustration. I gave Geronimo a try on a redev of a project, but what took me about half a day to setup on Glassfish has now taken me a week. Can anyone please help me out, because I really want to have Geronimo's benefits in my applications.
--
Quintin Beukes