geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: why we need to provide security realm name to a standalone ejb client?
Date Wed, 02 Feb 2011 07:04:04 GMT

On Feb 1, 2011, at 8:26 PM, Shailen wrote:

> Hi David,
> Thanks for that information. 2 things here:
> 1. Where is that property in security realm that makes it default?

There is no way to do that currently.  I was suggesting that it is a possible future feature.
 Patches are welcome.

> 2. I have also exported that EJB as a webservice now and when I am trying to consume
this webservice from soapui, its giving me exception as 
> "javax.ejb.EJBAccessException: Unauthorized Access by Principal Denied: Unauthorized
Access by Principal Denied"
> How do I call that webservice?

ejb web service security is configured similarly to web app security, but in the geronimo
plan for the ejb.  In this case you will be able to specify the security realm for the web
service login.

I don't see any instructions in the documentation so I suggest looking at the xml schema for
the openejb-jar.xml (not ejb-jar.xml).

hope this helps
david jencks

> Regards,
> Shailen (
> +91-9216020360
> Mohali, Chandigarh - 160062
> On Wednesday 02 February 2011 01:48 AM, David Jencks wrote:
>> This is the right place to ask this question.
>> Geronimo lets you set up many security realms at once.  When you connect from a remote
client to call ejbs, there's no easy way to predict which application's ejb or which ejb you
want to call.  So you have to specify how you want to log in when you connect.
>> We could allow specifying a default security realm for all of openejb so if you don't
specify a realm we use the default.
>> thanks
>> david jencks
>> On Feb 1, 2011, at 2:27 AM, Shailen wrote:
>>> Hi All,
>>> I have a very simple ejb deployed on geronimo2.2.1. This ejb is secured by a
security realm(Database(SQL) realm). When I call this ejb from a standalone java client, it
restricts me from accessing it without authentication.
>>> But when I provide this principal and credentials then also it restricts me from
calling this ejb.
>>> When I additionally provide realmName then it enables me to call this ejb.
>>> My question is why do we need to provide the security realm name in the client?
>>> I am sorry if this is not the right place to ask such questions.
>>> -- 
>>> Regards,
>>> Shailen (
>>> +91-9216020360
>>> Mohali, Chandigarh - 160062

View raw message