I have an enterprise app installed under weblogic 8.1 that uses J2EE security. We log into the web container (j_security_check), the security context (SC1) is properly propagated to the ejb container. So far so good.
From an EJB, I must call another EJB in a remote application server that is Weblogic 7.0.4. To do this I explicitely specify the parameters to open the InitialContext on the remote server. These parameters are Context.PROVIDER_URL, Context.INITIAL_CONTEXT_FACTORY, Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS.
The remote weblogic server does not know the security context in the local weblogic server (SC1), this is why I specify the principal/credentials pair that is valid on the remote server.
I can create the InitialContext, I can lookup the Home interface of the EJB in the remote server, but when I call homeObj.create() to create a Stub to an EJB instance, the remote server throws a "java.lang.SecurityException: Invalid Subject, principals=[<principals from the local weblogic server>]".
Which means that the local security context is propagated to the remote weblogic server, although I have explicitely specified it as the parameters to the InitialContext.
Can anybody help me to solve this problem?
Thanks in advance, I hope the above description is clear enough.