Some variant of this has got to be one of the top five questions asked
on this list, and it has never been answered. I really, really, really
need a simple answer:
How do I assign security roles to "guest"? Is it even possible?
No matter what I put in the various principals.xml files (and believe
me, I've tried just about everything) I can't seem to allow the
unauthenticated user to call an EJB method. It's driving me insane. My
girlfriend tells me that while sleeping I thrash about mumbilng
"com.evermind.server.rmi.OrionRemoteException: guest is not allowed to
call this EJB method..." I'm not by nature a violent person, but if I
ever meet this "guest", I'm going to reach out and throttle him :-)
I have a reasonably straightforward system which represents users as
entity beans and allows anyone to connect to the system and create an
account. Thus, there must be a moment in time when the user must
interact with the EJB system to create the entity bean *before* he or
she can be logged in. I want to grant "guest" access to a single method
on a single session bean. Why can't I seem to do this? I can't imagine
that this pattern has not been implemented a bazillion times already.
I was able to get everything working before by commenting all
security-related material out of my EJBs' deployment descriptors (thus
leaving the system wide open). Now I'm ready to put security back into
the system, but the web-application <runAs> tag doesn't seem to be
implemented yet. So I want to give a limited security role to "guest".
Heeeeeeelp!
Thanks,
Jeff Schnitzer
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
