I have Session EJBs and makes secure and provide the permission to each method. I am using UsersRoleLoginModule which
jboss uses default. I included security domain in jboss.xml file.
<security-domain>
java:/jaas/other</security-domain>
I am using standalone client which calls this
ejb by passing username and password. For that I have done some changes in code with respect to JBOSS. Previously it was login in the Websphere. Below is the code for JBOSS�
String securityDomain = "other";
//Customize the callback handler to set username and password for login.
CallbackHandler callbackHandler = new CustomCallbackHandler(username, password);
//Lookup the security domain and retrieve the LoginContect reference
LoginContext lc = new LoginContext( securityDomain, callbackHandler );
//Login to domain.
lc.login();
I checked my client it is working fine with this code and able to authenticate and Authorize my process.
After I made EJB secure in JBOSS then my web client is not able to communicate with EJB. I am trying to authenticate and authorize from WEB so the
servlet is not able to invoke my secure EJB. I am getting below exception.
java.rmi.AccessException: SecurityException; nested exception is:
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:370)
I would be grateful for any suggestions.
