We have a client application which needs to call its server-side EJBs,
which reside on WLS 8.1.
The EJBs have permissions assigned to them in the deployment descriptor, i.e.
their methods can be called only in case the user is granted with specific
Everything works as expected and I can invoke an EJB method on the client
side if I have logged in with the correct user/pwd, and appropriately
a NO_PERMISSION exception is thrown in case the user/pwd provided were
This is in case of providing user/pwd as JNDI CREDENTIAL and PRINCIPAL

Now, here is an idea to use JAAS (as WL recommends) for user
I'm using BEA's LoginModule to log the user in and it looks like it works
correctly, i.e. logins succeed/fail as expected, but now ... how would
this help the InitialContext which is used to look up EJB instances?
Because in case the InitialContext is created, the lookup is performed and
the method is invoked inside of Subject.doAs(subject, PrivilegedAction),
where subject is the one obtained when logged in with JAAS and user/pwd is
not provided in a JNDI way, this fails with the same
org.omg.CORBA.NO_PERMISSION exception ...
AFAIK everything works in a single thread ... so for now there
should be no complications with multithreading ...

After browsing newsgroups, docs, examples etc. I still have no clear
How credentials obtained within JAAS login are related to those I need
to execute some method of EJB instance obtained via InitialContext ...

I would appreciate any clarification or reference to a resource
which might answer this question.
JAAS examples provided with WL aren't protected by any
s according to what I see in ejb-jar.xml thus
they cannot fail in case user is just authenticated via JAAS on server

Thank you in advance