Pablo Fraga [http://community.jboss.org/people/pablo.fraga1975] created the discussion
"Re: Secure access to an EJB3.0"
To view the discussion, visit:
http://community.jboss.org/message/589282#589282
--------------------------------------------------------------
Wolfgang,
Thanks for your reply!
I was trying to understand the example, but honestly I lost myself in the
jboss-client.xml descriptor. I don't understand which resource ref I have to map in
that file, and for what.
I thought it would be easier to call an EJB3 from another client EJB3 using security in
JBossAS 4.2.3, just like in the example for JBossAS 5:
    SecurityClient securityClient = SecurityClientFactory.getSecurityClient();
    securityClient.setSimple("caja", "password");
    securityClient.login();
    InitialContext ctx = new InitialContext();
Maybe I messed myself up, but I will try to explain my problem with an example:
First I have an EJB3, annotated with security annotations:
    @Stateless(name = "ProxyIMMEJB")
    @SecurityDomain("other")
    @RolesAllowed("architect")
    @Local(value = ProxyIMMLocal.class)
    public class ProxyIMMEJBImpl implements ProxyIMMLocal {
        @Resource SessionContext ctx;

        @RolesAllowed("architect")
        public RespuestaIMMTO comprarTicket(TicketTO ticketTO) throws ... {
            Principal cp = ctx.getCallerPrincipal();
            log.debug("Principal's name: " + cp.getName());
            ...
        }
    }
As you can see, "other" indicates that I use JBoss's default authentication
mechanism, defined in login-config.xml situated in the JBOSS_HOME\server\default\conf
directory. In my case of "other", login-config.xml uses 2 properties files:
users.properties and roles.properties, with the following contents:
login-config.xml:

    <application-policy name = "other">
        <authentication>
            <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                          flag = "required">
                <module-option name="usersProperties">props/users.properties</module-option>
                <module-option name="rolesProperties">props/roles.properties</module-option>
                <module-option name="unauthenticatedIdentity">anonymous</module-option>
            </login-module>
        </authentication>
    </application-policy>

users.properties:

    caja=password

roles.properties:

    caja=architect

In another EJB3 client, I tried to call the ProxyIMMEJB bean using standard security
code:
    Properties env = new Properties();
    env.setProperty(Context.SECURITY_PRINCIPAL, "caja");
    env.setProperty(Context.SECURITY_CREDENTIALS, "password");
    env.setProperty(Context.INITIAL_CONTEXT_FACTORY,
            "org.jboss.security.jndi.JndiLoginInitialContextFactory");
    env.setProperty(Context.PROVIDER_URL, "localhost:1099");
    InitialContext ctx = new InitialContext();
    try {
        ctx = new InitialContext(env);
        proxyIMM = (ProxyIMMLocal) ctx.lookup("estar/ejb/ProxyIMM/local");
    } catch (NamingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
Soon I realized the security context was not propagated, because I got
"javax.ejb.EJBAccessException: Authorization failure", and I confirmed it later by
replacing @RolesAllowed("architect") with @PermitAll and debugging the
principal's name.
    Principal cp = ctx.getCallerPrincipal();
    log.debug("Principal's name: " + cp.getName());
This gave me anonymous.
In my scenario, does the complete example that you wrote apply? Or is there an easier way?
Thank you very much for your patience!
Pablo.