public class ContactListApp extends Appcliation
{
private final Window mainWindow;
@Override
public void init()
{
System.out.println("ContactListApp init() called....");
mainWindow = new Window("Contact List App");
setMainWindow(mainWindow);
// Call the EJB (this succeeds)
getContacts();
Button buttonRefreshContacts = new Button("refresh contact list");
buttonRefreshContacts.addListener(new Button.ClickListener() {
private static final long serialVersionUID = 5019806363620874205L;
public void buttonClick(ClickEvent event)
{
// call the EJB (this fails with javax.ejb.AccessLocalException: Client not authorized for this invocation)
getContacts();
}
});
mainWindow.addComponent(buttonRefreshContacts);
}
private @Nonnull List<Contact> getContacts()
{
try
{
// Can't use @EJB on this project
final Context context = new InitialContext();
final ContactEjbBean contactEjbBean = context.lookup(ContactEjbBean.class.getName());
final List<Contact> contacts = contactEjbBean.getContacts();
System.out.println("Number of contacts: " + contacts.size());
return Collections.unmodifiableList(contacts);
}
catch (final NamingException ex)
{
System.out.println(ex);
}
}
}
App is deployed as a portlet in Liferay 5.2.3 running Glassfish v2.
Since the first EJB call succeeds, its reasonable to assume security is configured properly in web.xml (security-constraint, login-config, security-role, …) and with @RolesAllowed on the EJB. I have NOT tried this outside of liferay.
If someone else can create a similar app, running against the same platform that works, that would be great.
Hopefully this rings a bell and its programming error on my part.
Cheers