EJB 3.0 Preview - Security

Similar Messages

• Warning: EJB  referenced an unknown security role?

  Hello,
  I get a weird error from WL 5.1 (SP6), using the default WLPropertyRealm.
  In the EJB I have the following check:
  if (ctx.isCallerInRole("ConspiratorRole"))
  System.out.println ("the user is in the ConspiratorRole role");
  At run time, I get the following warning in the WL window:
  Fri Nov 10 12:56:58 EST 2000:<I>
  <EJB JAR deployment D:/weblogic/myserver/myBean.jar>
  Warning: EJB "unu" referenced an unknown security role
  However:
  - the role IS defined (see ejb-jar.xml)
  - has an associated principal (see weblogic-ejb-jar.xml)
  - there is a principal defined in weblogic.properties
  - this principal (and this role) is actually used in practice to access the
  bean. Which works.
  So why the warning?
  Any hint appreciated,
  Thanks.
  ejb-jar.xml:
  <assembly-descriptor>
  <security-role>
  <description>description of the ConspiratorRole</description>
  <role-name>ConspiratorRole</role-name>
  </security-role>
  </assembly-descriptor>
  weblogic-ejb-jar.xml:
  <weblogic-ejb-jar>
  <security-role-assignment>
  <role-name>ConspiratorRole</role-name>
  <principal-name>Conspirator</principal-name>
  </security-role-assignment>
  </weblogic-ejb-jar>

  You should not reference the role link in you code.The role link is used to
  connect the role name in you code to the
  role name in your deployment descripment. Only if this link is set up as you
  have done below, will the isCallerInRole return true.
  - Sri
  Alf wrote:
  I reviewed older postings and found indications of what appears to be a bug
  in WL: that isCallerInRole always return false for role names but returns
  correct values if the role names are linked with a reference in
  <security-role-ref>. So, according to the DTD at
  http://edocs.bea.com/wle/dd/ddref.htm#1038338 I added the following in
  ejb-jar.xml:
  <ejb-jar>
  <enterprise-beans>
  <session>
  <security-role-ref>
  <role-name>ConspiratorRole</role-name>
  <role-link>ConspiratorRoleLink</role-link>
  </security-role-ref>
  and added 2 lines in the bean to test the both the role and the reference
  if (ctx.isCallerInRole("ConspiratorRole"))
  System.out.println ("the user is in the ConspiratorRole role");
  if (ctx.isCallerInRole("ConspiratorRoleLink"))
  System.out.println ("the user is in the ConspiratorRoleLink
  role");
  The unexpected result was a NullPointerException at
  weblogic.ejb.internal.BaseEJBContext.isCallerInRole(BaseEJBContext.java:665)
  Can anyone shed some light? Thanks.
  "Alf" <alf> wrote in message news:[email protected]...
  Hello,
  I get a weird error from WL 5.1 (SP6), using the default WLPropertyRealm.
  In the EJB I have the following check:
  if (ctx.isCallerInRole("ConspiratorRole"))
  System.out.println ("the user is in the ConspiratorRole role");
  At run time, I get the following warning in the WL window:
  Fri Nov 10 12:56:58 EST 2000:<I>
  <EJB JAR deployment D:/weblogic/myserver/myBean.jar>
  Warning: EJB "unu" referenced an unknown security role
  However:
  - the role IS defined (see ejb-jar.xml)
  - has an associated principal (see weblogic-ejb-jar.xml)
  - there is a principal defined in weblogic.properties
  - this principal (and this role) is actually used in practice to accessthe
  bean. Which works.
  So why the warning?
  Any hint appreciated,
  Thanks.
  ejb-jar.xml:
  <assembly-descriptor>
  <security-role>
  <description>description of the ConspiratorRole</description>
  <role-name>ConspiratorRole</role-name>
  </security-role>
  </assembly-descriptor>
  weblogic-ejb-jar.xml:
  <weblogic-ejb-jar>
  <security-role-assignment>
  <role-name>ConspiratorRole</role-name>
  <principal-name>Conspirator</principal-name>
  </security-role-assignment>
  </weblogic-ejb-jar>

• Servlet and EJB on different machine: Security propagation

  Hi all,
  I have an application, where my servlets and EJBS are deployed on the same machine.So
  when in my servlet a user need to authenticate himself, security credentials are
  propagated to the EJB automatically.I'd like to know in the case where the components
  are on different machine if I need to put the credential in my InitialContext
  when my servlet calls my EJB or if it is also done automatically.
  Cheers
  romain

  Say your stub is in a jar called stub.jar.
  You need to put that stub somewhere that it can be reached through a protocol for which Java has a URL type - so you can put it on a shared file system and use a file URL or behind an http server and use an http URL.
  Let's use http - put stub.jar at the docroot of a web server.
  Then, when you start your SERVER code, include this VM parameter:
  -Djava.rmi.server.codebase="http://<serveraddress>stub.jar"
  Now your client will be able to use http to load the stub file out of stub.jar through http.
  If you do use a file URL, make sure the shared directory you put your jar in is not on the client's classpath.

• Error running ejb 3.0 preview sample

  I am running the howtoejb30entity sample and I get the following exception
  javax.ejb.EJBException: nested exception is: oracle.oc4j.rmi.OracleRemoteException: java.lang.IllegalArgumentException: Can not PERSIST detatched object: Class:oracle.ejb30.Employee :: empNo:7369 ename:CLERK sal:211.0.; nested exception is:
  java.lang.IllegalArgumentException: Can not PERSIST detatched object: Class:oracle.ejb30.Employee :: empNo:7369 ename:CLERK sal:211.0.
  oracle.oc4j.rmi.OracleRemoteException: java.lang.IllegalArgumentException: Can not PERSIST detatched object: Class:oracle.ejb30.Employee :: empNo:7369 ename:CLERK sal:211.0.
  at com.evermind.server.ejb.EJBUtils.getUserException(EJBUtils.java:338)
  at EmployeeFacade_StatelessSessionBeanWrapper0.addEmployee(EmployeeFacade_StatelessSessionBeanWrapper0.java:91)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at com.evermind.server.rmi.RMICallHandler.run(RMICallHandler.java:67)
  at com.evermind.server.rmi.RMICallHandler.run(RMICallHandler.java:47)
  at com.evermind.server.rmi.InterceptorCallHandlerWrapper.run(InterceptorCallHandlerWrapper.java:15)
  at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:299)
  at java.lang.Thread.run(Thread.java:595)

  my problem is solved. I was using the EMP table that comes by default in the scott schema. Since this table has more columns than the one the Entity requires (some of which probably have a not null constraint), I got my previsou exception.

• Can't download the Oracle Application Server EJB 3.0 Preview

  Dear Oracle,
  When i press the "Download Here" hyperlink, i got a 30k size zip file and the name of the file is "oracle_ejb3.zip". But i can't unzip it, my operating system pop up an error message box. Please help me to download the software. Thanks a lot!!
  Barnard
  [email protected]

  You're going to need to give us more details. Expand some of those acronyms so we know what you're talking about. Tell us exactly what happens, and what error messages you are getting.

• Security question JAAS: performing EJB lookup and authorized creation how?

  Basic question is:
  How can I perform a lookup from within a servlet to a stateless EJB in the same JVM and apply credentials to this EJB, so method calls perform following the authorization rules supplied on the EJB?
  Trying to get this thing to work leads to:
    javax.ejb.AccessLocalException: anonymous is not allowed to call this EJB method,
         check your security settings (method-permission in ejb-jar.xml and
         security-role-mapping in orion-application.xmlI've checked this over and over, but cannot find any possible cause for the error. I've mapped the logical authorization role from the ejb-jar.xml to a user known in a JAZN resource - so I'm thinking my InitialContext call is wrong.
  Can somebody help me out?

  What version of OC4J are you using?
  Can you post your contents in the ejb-jar.xml for the method permissions for your EJB you are looking up ?
  Also please post the code that looks up the local EJB?
  -Debu

• EJB method security

  I know that it is possible to secure an EJB method by method using ejb-jar.xml or securing them all by specifying <method-name>*</method-name>. I was wondering though how you can easily open up just a few of those methods for use by an anonymous user. I have a large number of methods and was hoping I would only have to specify the ones that need not be secure, instead of securing all of the other ones, one by one.
  Thanks in advance,
  Ted

  Hello,
  It should be pretty simple to open up a few methods for use by an anonymous user.
  In your ejb-jar.xml file add an anonymous user role and add that role to the methods you want to open up
  <assembly-descriptor>
  <security-role>
  <role-name>manger</role-name>
  </security-role>
  <security-role>
  <role-name>anonymous</role-name>
  </security-role>
  <method-permission>
  <!-- open up this method -->
  <role-name>manager</role-name>
  <role-name>anonymous</role-name>
  <method>
  <ejb-name>accountsPayable</ejb-name>
  <method-name>getReceipts</method-name>
  </method>
  </method-permission>
  <assembly-descriptor>
  Of course
  Cheers,
  Hoos
  Message was edited by hoos at Feb 11, 2005 3:40 AM

• Ejb security role & bea implementation

  A role has been defined in ejb-jar as following:
  <security-role>
  <description><![CDATA[Deployer User]]></description>
  <role-name>deployer</role-name>
  </security-role>
  <method-permission>
  <description><![CDATA[Deployer Method Permission]]></description>
  <role-name>deployer</role-name>
  <method>
  <description><![CDATA[All method for CCPStateBean]]></description>
  <ejb-name>CCPStateBean</ejb-name>
  <method-name>*</method-name>
  </method>
  </method-permission>
  If the principal is included in the weblogic-ejb-jar as below, and the jndi lookup
  includes the SECURITY_PRINCIPAL (e.g., jzhu), the code works fine.
  <security-role-assignment>
  <role-name>deployer</role-name>
  <principal-name>jzhu</principal-name>
  </security-role-assignment>
  The problem comes when the principal is not included as above weblogic-ejb-jar
  instead a role "deployer" is defined in WLS's, The user ("jzhu") is defined in
  the deployer group. And the deployer group belongs to deployer role. The defaultRoleMapper
  is enabled. In this scenario, the access failed due to insufficient permission.
  Can ejb-jar's role relates to WLS's role. Please advise. THX.
  -John

  Thanks for the information. It works. I wish bea monitor this newsgroup since this
  is not in their document. By the way, the following links clarifies the relationship
  between DD and admin console security configuration.
  http://edocs.bea.com/wls/docs70/security/cli_apps.html#1090734
  -John
  "Arjuna Chala" <[email protected]> wrote:
  I don't know about "defaultRoleMapper", but this works
  <security-role-assignment>
  <role-name>deployer</role-name>
  <principal-name>deployer</principal-name>
  </security-role-assignment>
  where <role-name> maps to a ejb-jar role and <principal-name> maps to
  a
  weblogic group (in this case).
  "john" <[email protected]> wrote in message
  news:[email protected]..
  A role has been defined in ejb-jar as following:
  <security-role>
  <description><![CDATA[Deployer User]]></description>
  <role-name>deployer</role-name>
  </security-role>
  <method-permission>
  <description><![CDATA[Deployer Method Permission]]></description>
  <role-name>deployer</role-name>
  <method>
  <description><![CDATA[All method for CCPStateBean]]></description>
  <ejb-name>CCPStateBean</ejb-name>
  <method-name>*</method-name>
  </method>
  </method-permission>
  If the principal is included in the weblogic-ejb-jar as below, andthe
  jndi lookup
  includes the SECURITY_PRINCIPAL (e.g., jzhu), the code works fine.
  <security-role-assignment>
  <role-name>deployer</role-name>
  <principal-name>jzhu</principal-name>
  </security-role-assignment>
  The problem comes when the principal is not included as aboveweblogic-ejb-jar
  instead a role "deployer" is defined in WLS's, The user ("jzhu") isdefined in
  the deployer group. And the deployer group belongs to deployer role.The
  defaultRoleMapper
  is enabled. In this scenario, the access failed due to insufficientpermission.
  Can ejb-jar's role relates to WLS's role. Please advise. THX.
  -John

• Use Preview to secure a PDF (read only)

  Hello people,
  I'm looking for a way to secure PDFs with Preview, to allow read only. Normally if one tries to encrypt the PDF from the drop down save as dialog box, Preview secures the whole PDF.
  Similarly Pages can export to PDF but with all necessary options (open document, print, and copy) and that's all that i need. But what if a colleague comes with an already created PDF!?
  Unless i buy Adobe Acrobat Pro for this (which is not going to happen) i'm out of luck.
  Any ideas?
  Thanks,
  Andrei Dica

  I was also wondering about creating 'read only' PDFs in Preview.
  The Security Settings mentioned by Lardlad allow you to set passwords to open the document, to copy parts of it or print all of it, but I can't see any option to prevent it being modified (read only). 

• Using JOINS in EJB 3 preview

  i have tried several combinations from EJB spec and I cannot get any JOIN working:
  Below is a class:
  @Entity
  @Table(name="LINEITEM")
  @NamedQuery(name="findLineItemByProductAndOrder",
            queryString="SELECT l FROM LineItem as l INNER JOIN l.product as p WHERE p.sku = :productId AND l.orderId = :orderId")
  public class LineItem implements Serializable {
       private Integer orderId;
       private Integer quantity;
       private Integer total;
       private Product product;
       @Id
       @Column(name="ORDER_ID", primaryKey=true)
       public Integer getOrderId() {
            return orderId;
       public void setOrderId(Integer orderId) {
            this.orderId = orderId;
       @Id
       @ManyToOne(fetch=FetchType.EAGER )
       @JoinColumn(name="PRODUCT_ID")
       public Product getProduct() {
            return product;
       public void setProduct(Product product) {
            this.product = product;
       @Column(name="QUANTITY")
       public Integer getQuantity() {
            return quantity;
       public void setQuantity(Integer quantity) {
            this.quantity = quantity;
       @Column(name="AMOUNT")
       public Integer getTotal() {
            return total;
       public void setTotal(Integer total) {
            this.total = total;
  When I execute the JOIN, I get:
  05/07/25 15:42:39 Caused by: Exception [TOPLINK-0] (Oracle TopLink - 10g release 3 (10.1.3.0) (Build 050221Dev)): oracle.toplink.exceptions.EJBQLException
  Exception Description: Syntax Recognition Problem parsing the EJBQL [SELECT DISTINCT l.total FROM LineItem as l JOIN l.product as p WHERE p.sku = :productId AND l.orderId = :orderId]. The parser returned the following [unexpected token: JOIN].
  05/07/25 15:42:39      at oracle.toplink.exceptions.EJBQLException.recognitionException(EJBQLException.java:64)
  05/07/25 15:42:39      at oracle.toplink.internal.parsing.ejbql.EJBQLParserBase.reportError(EJBQLParserBase.java:1088)
  05/07/25 15:42:39      at oracle.toplink.internal.parsing.ejbql.antlr272.EJBQLParser.selectStatement(EJBQLParser.java:141)
  05/07/25 15:42:39      at oracle.toplink.internal.parsing.ejbql.antlr272.EJBQLParser.document(EJBQLParser.java:61)
  05/07/25 15:42:39      at oracle.toplink.internal.parsing.ejbql.EJBQLParserBase.parseEJBQLString(EJBQLParserBase.java:1142)
  05/07/25 15:42:39      at oracle.toplink.internal.ejb.cmp3.EJBQueryImpl.buildDatabaseQuery(EJBQueryImpl.java:96)
  05/07/25 15:42:39      at oracle.toplink.internal.annotations.EJBAnnotationsProcessor.addNamedQueriesToSession(EJBAnnotationsProcessor.java:107)
  05/07/25 15:42:39      ... 16 more

  The key words INNER JOIN are new to EJBQL in EJB 3.0. The current EJB 3.0 preview only supports EJBQL 2.1 plus two additional aspects of EJB 3.0.
  Named Parameters
  Bulk Updates.
  Note: You do not need to specify the INNER JOIN as by default all EJBQL joins are inner joins.

• Ejb client error

  Hi, I use jdev 10g. I created a session bean with wizards and after that I created I Ejb client for that bean. When I start the embedded server and run the client java file I get the following error :
  com.evermind.server.rmi.OrionRemoteException: jazn.com/admin is not allowed to call this EJB method, check your security settings (method-permission in ejb-jar.xml and security-role-mapping in orion-application.xml).
       at denemeSessionHome_StatelessSessionHomeWrapper1.create(denemeSessionHome_StatelessSessionHomeWrapper1.java:41)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at com.evermind.server.rmi.RMICallHandler.run(RMICallHandler.java:124)
       at com.evermind.server.rmi.RMICallHandler.run(RMICallHandler.java:48)
       at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
       at java.lang.Thread.run(Thread.java:534)
  at connection to localhost/127.0.0.1 as admin
       at com.evermind.server.rmi.RMIConnection.EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER(RMIConnection.java:1527)
       at com.evermind.server.rmi.RMIConnection.invokeMethod(RMIConnection.java:1480)
       at com.evermind.server.rmi.RemoteInvocationHandler.invoke(RemoteInvocationHandler.java:55)
       at com.evermind.server.rmi.RecoverableRemoteInvocationHandler.invoke(RecoverableRemoteInvocationHandler.java:22)
       at __Proxy0.create(Unknown Source)
       at ejbpackage.denemeSessionClient.main(denemeSessionClient.java:21)
  Process exited with exit code 0.
  all settings are the default ones.
  Anyone has any idea???

  hi
  There was no problem with that... the AdviceClient is not in the package... I needed j2ee.jar and AdviceAppClient.jar to run the client and hte AdviceClient is in C\java\Projects\Advice directory.... can anyone help me with what is wrong with my first command which didnt work ...
  java -classpath c:\Sun\AppServer\lib\j2ee.jar;c:\java\Projects\Advice;c:\java\Projects\AdviceAppClient.jar AdviceClient
  This one worked though....
  java -cp {$CLASSPATH}:"C:\java\Projects\Advice";AdviceAppClient.jar;c:\Sun\AppServer\lib\j2ee.jar; AdviceClient
  I dont know what makes the difference...
  vidhya

• EJB lookup returned stub from a different classloader.

  I've written an EJB for doing authenitcation. This EJB is accessed by an security-mbean (BEA's login module).
  - The EJB is deployed in an EAR.
  - The EJB-stubs are extracted and is included as part of the MBEAN Jar.
  When I hit a webapp causing the EJB lookup to occur, the stub object returned is created by the webapp's classloader. This cause a ClassCastException when trying to cast the returned home interface into the home interface of the MBEAN's classloader.
  Note that all this is happening on the same BEA server running WLS8.1.
  I don't want to put the EJB jar on the system classpath so I can redeploy the EJB, the Application's EAR and the MBEAN to a cluster.
  -alex

  Robert Greig <[email protected]> wrote:
  Thanks for responding to my question, which newsgroup is more appropriate for
  my line of question?
  But before I move this thread, I would like to add:
  I've already handled the recursion problem on top of the ejb-lookup before JNDI
  becomes avaliable (while doing server startup) problem.
  The advantage with the EJB model is this. By changing the host/port configuration,
  I can switch between a local-authentication server or a remote provide authentication
  server network configuration.
  If I were to include the necessary classes in the mbean JAR from our application,
  there maybe resources issues since I now have 2 classloaders loading my server-portion
  of classes. Not sure how that will workout with resources and all. This model
  has the disadvantage of any classes I have in the mbean JAR will require updates
  outside my EAR. This wroks against the EAR deployment model.
  -alex
  Alex Cheung wrote:
  I've written an EJB for doing authenitcation. This EJB is accessedby an security-mbean (BEA's login module).
  - The EJB is deployed in an EAR.
  - The EJB-stubs are extracted and is included as part of the MBEANJar.
  This isn't a good approach. You are pretty much stuffed mainly for the
  reasons you outline.
  Also note that if you continue to go down this road you will have to
  handle the potential recursion (i.e accessing an EJB will invoke a
  security call to your provider!).
  Why do you need to implement this as an EJB? The main advantages of EJBs
  are security and container managed transactions neither of which is
  relevant here surely?
  Robert

• JAAS - EJB

  Hello,
  In my system I going to implement JAAS, all informations about users, groups (every user is join to many groups - group in my system is like role) are stored in protection system (outside system provided by other vendor). I implements LoginModule, CallbackHandler in login() I extract user and groups from my protection system (everything works great), but what next. Where I have to put userid, groupids in order to my EJB Service (SessionBean with <security-role-ref>) knows who calls it (access to SessionBean is remote).
  I consider that it is very simple, but I don't know how, or I totally not understand JAAS.

  CallbackHandler in login() I extract user and groups
  from my protection system (everything works great),
  Then you should be very happy !

• Connect to ejb gf 3 remote.

  Hello I am trying to connect to a remote ejb from tomcat 6 with the ejb residing on glassfish 3.I am using the guide at [glassfish  |https://glassfish.dev.java.net/javaee5/ejb/EJB_FAQ.html#nonJavaEEwebcontainerRemoteEJB] for advice.
  My servers tomcat 6 and glassfish 3 are running on different ports and are on the same machine running on localhost.I want to get the most current technique to connect to a ejb in glassfish 3.I have tried to implement and use parts of tutorials but have not found one answer sufficient to my use.
  I am using netbeans 6.9.I have followed he steps laid out in the glassfish guide.I have read to just include the gf-client.jar file which includes links to needed files.
  here STEP 3:
  "Note that the Java EE 6 API classes are automatically included by gf-client.jar so there is no need to explicitly add javaee.jar to the classpath. gf-client.jar refers to many other .jars from the GlassFish installation directory so it is best to refer to it from within the installation directory itself rather than copying it(and all the other .jars) to another location."
  This is what I am doing.
  I have tried using the appserv-rt.jar file to remove the java.lang.ClassNotFoundException: com.sun.enterprise.naming.SerialInitContextFactory.Though I don`t know the best way in that I got another error.
  What library files do I include and where do I include them.I have included my ejb netbeans ejb.jar file so I just need the right libraries in the right places.Please offer you opinion and suggestions.
  calling code
  Context ic = null;
              Properties props = new Properties();
              props.setProperty("java.naming.factory.initial",
                      "com.sun.enterprise.naming.SerialInitContextFactory");
              props.setProperty("java.naming.factory.url.pkgs",
                      "com.sun.enterprise.naming");
              props.setProperty("java.naming.factory.state",
                      "com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl");
              // optional.  Defaults to localhost.  Only needed if web server is running
              // on a different host than the appserver
              props.setProperty("org.omg.CORBA.ORBInitialHost", "localhost");
              // optional.  Defaults to 3700.  Only needed if target orb port is not 3700.
              props.setProperty("org.omg.CORBA.ORBInitialPort", "3700");
              ic = new  InitialContext(props);
           try{
              ExpoServiceFacadeRemote foo = (ExpoServiceFacadeRemote)ic.lookup(ExpoServiceFacadeRemote.class.getName());
              foo.toString();
          } catch (Exception e) {
              e.printStackTrace();
          } finally {
              out.close();
      }here I got an error in
  ic = new  InitialContext(props);
  SEVERE: null
  javax.naming.NoInitialContextException: Cannot instantiate class: com.sun.enterprise.naming.SerialInitContextFactory [Root exception is java.lang.ClassNotFoundException: com.sun.enterprise.naming.SerialInitContextFactory]
          at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:657)
          at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
          at javax.naming.InitialContext.init(InitialContext.java:223)
          at javax.naming.InitialContext.<init>(InitialContext.java:197)
          at Controller.com.processRequest(com.java:62)
          at Controller.com.doGet(com.java:89)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
          at java.lang.Thread.run(Thread.java:619)
  Caused by: java.lang.ClassNotFoundException: com.sun.enterprise.naming.SerialInitContextFactory
          at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1645)
          at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1491)
          at java.lang.Class.forName0(Native Method)
          at java.lang.Class.forName(Class.java:247)
          at com.sun.naming.internal.VersionHelper12.loadClass(VersionHelper12.java:46)
          at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:654)
          ... 19 more

  Thanks gimbal2, i did what you said it is easier.I am also doing a programmatic login to glassfish 3 file realm I have set up. It works though it does not know my role i defined puzzling?
  my user is orders.I previously did a login from a packaged war in my j2ee netbeans application.It worked by defining in sun-web.xml and the web.xml the role.But just defining the role in the sun-ejb-jar.xml doesn`t work for finding the user logged in role.
  Where should I define my role for orders?
  sun-ejb-jar.xml
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 EJB 3.1//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_1-0.dtd">
  <sun-ejb-jar>
    <enterprise-beans/>
     <security-role-mapping>
      <role-name>admin</role-name>
      <principal-name>orders</principal-name>
    </security-role-mapping>
  </sun-ejb-jar>
     @Resource
      SessionContext sessionContext;
    @WebMethod(operationName = "authenticate")
      public String authenticate(@WebParam(name = "username") String username,
                                          @WebParam(name = "password") String password) {
          String re_result = "";
          ProgrammaticLogin programmaticLogin = new ProgrammaticLogin();
          try {
              if (programmaticLogin.login(username, password, "file", false)) {
                  if (sessionContext.isCallerInRole("admin")) {
                       re_result = sessionContext.getCallerPrincipal().getName();
              } else {
                  re_result = "No";
          } catch (Exception ex) {
              Logger.getLogger(ExpoFacade.class.getName()).log(Level.SEVERE, null, ex);
          return re_result;
      }you see this line never gets executed
     re_result = sessionContext.getCallerPrincipal().getName();Please inspect and offer you advice
  cheers
  Edited by: Nital Faxing on Nov 4, 2010 8:24 PM

• [beginner] Creating a secure Java client

  Hi all,
  I have a Java application whose presentation tier is JSP, middle tier is EJB and it's secured with HTTPS.
  Now I need to write a Java desktop application which connects to the EJB tier. How can I secure the communication between the Java application and the middle tier ?
  If client uses Secure Sockets (SSL), can I use the same certificates that the web application uses ?
  I'd like to use a central point of security both for the web client and for the desktop client.......
  Any help ?
  Thanks
  Francesco

  Pedja thanks for reply.
  I still dont understand what is wrong with my example.
  The first peace of the code i wrote (getting the reference to the remote interface object) works pretty well, and even more it is produced automatically by JDeveloper, so why we cant get a reference to the local interface object the same way?
  Certanly we should use the local interface for getting access to the resource functioning under the same local jvm and i think it doesnt metter wich app server we really use wls or oas or others
  Thanks. Alex.