Hi,
i try to secure my EJB's and then access them from a standalone
java-client using the following connection properties
props.setProperty("java.naming.factory.initial","org.openejb.client.RemoteInitialContextFactory");
props.setProperty("java.naming.provider.url", "127.0.0.1:4201");
props.setProperty("java.naming.security.principal", "system");
props.setProperty("java.naming.security.credentials", "manager");
specified the role in ejb-jar.xml
<security-role>
<role-name>AdminRole</role-name>
</security-role>
<method-permission >
<role-name>AdminRole</role-name>
<method >
<ejb-name>Manager</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
and then mapped the role in openejb-jar.xml
<security:security>
<security:default-principal>
<security:principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="Anonymous" />
</security:default-principal>
<security:role-mappings>
<security:role role-name="AdminRole">
<security:principal
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="admin"/>
</security:role>
</security:role-mappings>
</security:security>
Still i receive a "java.rmi.AccessException: access denied
(javax.security.jacc.EJBMethodPermission Manager create,Home,)".
In the chapter EJB-Security (page 299) of his book (PDF) Aaron Mulder
wrote that there is a "security-realm-name" element, but this is not
included in the XSD and therefore deployment fails.
Is there another way to specify the security realm (to authenticate
users against) in the file openejb-jar.xml, as in geronimo-web.xml?
Thanks for your help, Joerg Friede
