How to remove all EJB security | WAS-to-JBOSS migration

We're migrating applications and EJBs from WAS 5.0 to JBOSS 5.1. We don't need security on these EJB's, but when we deploy the EJBs on JBOSS, our application code in our servlets are getting a Security (Authentication) exception for the EJB. Are we missing something simple? Is there a line somewhere we forgot to insert in a config setting, or something special to JBOSS EJB security that we don't know about?

(Also, before people start lecturing us on the need for security, this is just our dev server, and we're doing proof-of-concept work. We'd like to get the EJB's actually working first before figuring out the security situation. Plus, the prior EJB setup on WAS didn't seem to have security, and there's no business/technical requirements for it either).

Here's an excerpt from our ejb-jar.xml:

<display-name>gcsejb</display-name>
<enterprise-beans>
<session id="GcsCache">
<ejb-name>GcsCache</ejb-name>
<local-home>com.gap.cs.cache.GcsCacheHome</local-home>
<local>com.gap.cs.cache.GcsCache</local>
<ejb-class>com.gap.cs.cache.GcsCacheEJB</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
<resource-ref id="ResourceRef_1054339999999">
<description></description>
<res-ref-name>GcsOracleDSRef</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
</session>

Thanks!

Also, just to show the error log excerpt:

00:42:01,692 ERROR [SecurityInterceptor] Error in Security Interceptor
java.lang.SecurityException: Authentication exception, principal=null  at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:321)
 at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:243)
 at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:205)
 at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:142)
 at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invokeHome(PreSecurityInterceptor.java:88)
 at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132)
 at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)
 at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:639)
 at org.jboss.ejb.Container.invoke(Container.java:1109)
 at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invokeHome(BaseLocalProxyFactory.java:362)
 at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:133)
 at $Proxy155.create(Unknown Source)
 at com.gap.cs.util.CSFactory.getSecurityInstance(CSFactory.java:375)
 at com.gap.fmr.presentation.servlets.LoginServlet.initServletContext(LoginServlet.java:1300)
 at com.gap.fmr.presentation.servlets.LoginServlet.init(LoginServlet.java:53)
 at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1048)
 at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:777)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:129)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
 at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183)
 at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)
 at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
 at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
 at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)
 at java.lang.Thread.run(Thread.java:662)
00:42:01,708 ERROR [STDERR] javax.ejb.AccessLocalException: SecurityException
00:42:01,723 ERROR [STDERR]  at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:384)
00:42:01,723 ERROR [STDERR]  at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:136)
00:42:01,723 ERROR [STDERR]  at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)
00:42:01,723 ERROR [STDERR]  at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:639)
00:42:01,723 ERROR [STDERR]  at org.jboss.ejb.Container.invoke(Container.java:1109)
00:42:01,723 ERROR [STDERR]  at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invokeHome(BaseLocalProxyFactory.java:362)
00:42:01,723 ERROR [STDERR]  at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:133)
00:42:01,723 ERROR [STDERR]  at $Proxy155.create(Unknown Source)
00:42:01,723 ERROR [STDERR]  at com.gap.cs.util.CSFactory.getSecurityInstance(CSFactory.java:375)
00:42:01,723 ERROR [STDERR]  at com.gap.fmr.presentation.servlets.LoginServlet.initServletContext(LoginServlet.java:1300)
00:42:01,723 ERROR [STDERR]  at com.gap.fmr.presentation.servlets.LoginServlet.init(LoginServlet.java:53)
00:42:01,723 ERROR [STDERR]  at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1048)
00:42:01,723 ERROR [STDERR]  at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:777)
00:42:01,723 ERROR [STDERR]  at

And the jboss.xml excerpt:

Thanks!

If you don't need security, then remove the security-domain from the jboss.xml:

Thanks! That resolved the issue.