Calling EJB from a WAR inside the same EAR

Question

I am using Glassfish 4. And I have an EAR which has a WAR and a JAR (with the EJBs).

I want to call the EJBs from my WAR but am not really sure if I need to use Local or Remote interfaces.

Inside my JAR , my Bean looks like this :

@Stateless
public class Test implements TestLocal {

    @Override
    public void testing() {
    }
}

And my local :

@Local
public interface TestLocal {
    void testing();
}

Inside my WAR I have a web service and it looks like this :

@WebService(serviceName = "TestWS")
public class TestWS {

    private @EJB TestLocal testBean;

    @WebMethod(operationName = "test")
    public String test() {
    testBean.test();
    }
}

Both of these are packaged into an EAR .

When I call my WebService method I get an AccessLocalException :

Warnung: javax.ejb.AccessLocalException: Client not authorized for this invocation at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1895) at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:210)

Firstly :

• Is this the correct way to call the EJB. Can a WAR inside an EAR use Local interfaces from an included JAR?
• If so then does anyone know what I am doing wrong? Do I need to setup some kind of security configuration?

Answer 1

To look up a remote EJB, it must have a remote interface exposed. Include that remote interface into your war.

The GlassFish documentation has an entry for this error:

javax.ejb.AccessLocalException: Client Not Authorized Error

Description

Role-mapping information is available in Sun-specific XML (for example, sun-ejb-jar.xml), and authentication is okay, but the following error message is displayed:

[...INFO|sun-appserver-pe8.0|javax.enterprise.system.container.ejb|...|
javax.ejb.AccessLocalException: Client not authorized for this invocation.
at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:...
at com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(...)

Solution

Check whether the EJB module (.jar) or web module (.war) is packaged in an application (.ear) and does not have role-mapping information in application level, Sun-specific, sun-application.xml. For any application (.ear), security role-mapping information must be specified in sun-application.xml. It is acceptable to have both module-level XML and application-level XML.

Answer 2

@Remote is usefull if you deploy separately your jar which contain your EJBs on a different server, for example.

There, war and jar are in the same ear so you just have to use the Local annotation.

Tips : since EJB 3.1 interfaces are not required, you can use @LocalBean directly on your "Test" class and remove the TestLocal interface.

To call a ejb method into a class which is your war, you firstly have to create a link between war and jar. Being in the same ear is not enough. If you use Maven, you can simply add the jar reference into your dependencies in the pom of your war.