On Feb 1, 2011, at 8:26 PM, Shailen wrote:

Hi David,

Thanks for that information. 2 things here:
1. Where is that property in security realm that makes it default?

There is no way to do that currently.  I was suggesting that it is a possible future feature.  Patches are welcome.

2. I have also exported that EJB as a webservice now and when I am trying to consume this webservice from soapui, its giving me exception as

"javax.ejb.EJBAccessException: Unauthorized Access by Principal Denied: Unauthorized Access by Principal Denied"

How do I call that webservice?

ejb web service security is configured similarly to web app security, but in the geronimo plan for the ejb.  In this case you will be able to specify the security realm for the web service login.

I don't see any instructions in the documentation so I suggest looking at the xml schema for the openejb-jar.xml (not ejb-jar.xml).

hope this helps
david jencks


Regards,
Shailen (khichi.shailendra@gmail.com)
+91-9216020360
Mohali, Chandigarh - 160062

On Wednesday 02 February 2011 01:48 AM, David Jencks wrote:
This is the right place to ask this question.

Geronimo lets you set up many security realms at once.  When you connect from a remote client to call ejbs, there's no easy way to predict which application's ejb or which ejb you want to call.  So you have to specify how you want to log in when you connect.

We could allow specifying a default security realm for all of openejb so if you don't specify a realm we use the default.

thanks
david jencks

On Feb 1, 2011, at 2:27 AM, Shailen wrote:

Hi All,

I have a very simple ejb deployed on geronimo2.2.1. This ejb is secured by a security realm(Database(SQL) realm). When I call this ejb from a standalone java client, it restricts me from accessing it without authentication.

But when I provide this principal and credentials then also it restricts me from calling this ejb.
When I additionally provide realmName then it enables me to call this ejb.

My question is why do we need to provide the security realm name in the client?

I am sorry if this is not the right place to ask such questions.
-- 

Regards,
Shailen (khichi.shailendra@gmail.com)
+91-9216020360
Mohali, Chandigarh - 160062