Unitl you can find a solution, I patched the SimpleSecurityManager because of this problem we are massive hindered during our development process. Each ejb-call forces a call to a complex login module.
I changed the methode SimpleSecurityManager.establishSecurityContext like this :
{code}
private static SecurityContext establishSecurityContext(final String securityDomain) {
// Do not use SecurityFactory.establishSecurityContext, its static init is broken.
try {
final AuthenticationManager authenticationManager = new JNDIBasedSecurityManagement().getAuthenticationManager(securityDomain);
final SecurityContext securityContext = SecurityContextFactory.createSecurityContext(securityDomain);
if (authenticationManager != null) {
final ISecurityManagement delegate = securityContext.getSecurityManagement();
securityContext.setSecurityManagement(new ISecurityManagement() {
@Override
public MappingManager getMappingManager(String securityDomain) {
return delegate.getMappingManager(securityDomain);
}
@Override
public JSSESecurityDomain getJSSE(String securityDomain) {
return delegate.getJSSE(securityDomain);
}
@Override
public IdentityTrustManager getIdentityTrustManager(String securityDomain) {
return delegate.getIdentityTrustManager(securityDomain);
}
@Override
public AuthorizationManager getAuthorizationManager(String securityDomain) {
return delegate.getAuthorizationManager(securityDomain);
}
@Override
public AuthenticationManager getAuthenticationManager(String securityDomain) {
return authenticationManager;
}
@Override
public AuditManager getAuditManager(String securityDomain) {
return delegate.getAuditManager(securityDomain);
}
});
}
SecurityContextAssociation.setSecurityContext(securityContext);
return securityContext;
} catch (Exception e) {
throw new SecurityException(e);
}
}
{code}
Does not look good, but is a workaround for us.