I am trying to track down the cause of an annoying message in glassfish that is polluting our log files.

To simplify our set up, we have 2 glassfish servers running 3.1.2.2.

Server A has a web service deployed on it, using Certificate based security defined using roles in the web service and the mappings in the sun-ejb-jar.xml and sun-application.xml.

Server B has a remote EJB deployed on it, with no security configured.

When calling the remote EJB on server B, from the web service on server A using code like:

Properties props = new Properties();
props.setProperty("java.naming.factory.initial", "com.sun.enterprise.naming.SerialInitContextFactory");
props.setProperty("java.naming.factory.url.pkgs", "com.sun.enterprise.naming");
props.setProperty("java.naming.factory.state", "com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl");
props.setProperty("org.omg.CORBA.ORBInitialHost", server.getServer());
props.setProperty("org.omg.CORBA.ORBInitialPort", Integer.toString(server.getEjb3Port()));
InitialContext ic = new InitialContext(props);

return ((MyIF)ic.lookup(MyIF.class.getName())).doWork();

The log on server A gets the following logged to it, but the EJB call works as expected.

[#|2012-09-20T08:43:42.141+0100|SEVERE|glassfish3.1.2|javax.enterprise.system.core.security.com.sun.enterprise.iiop.security|_ThreadID=26;_ThreadName=Thread-2;|IIOP1002: Principal propagation: Cannot find principal information in subject|#]

Has anyone had any experience of this error and know how to resolve this issue?

The Oracle Documentation on the message is not very helpful.

IIOP1002 Principal propagation: Cannot find principal information in subject

Cause: The principal information is not found in the subject

Action: Please check the config settings for identity propagation

We had a similar problem related to identity propagation, but we got log spam on the server where the remote EJBs were deployed. That would be Server B in your setup. Sample log entry:

[#|2013-06-05T10:36:50.111+0000|SEVERE|glassfish3.1.2|javax.enterprise.resource.corba.com.sun.enterprise.common.iiop.security|_ThreadID=24;_ThreadName=Thread-2;|iiop.importname_exception
java.io.IOException: Invalid Name
    at com.sun.enterprise.iiop.security.GSSUtils.importName(GSSUtils.java:158)
    at com.sun.enterprise.iiop.security.GSSUtilsService.importName(GSSUtilsService.java:63)
    at com.sun.enterprise.common.iiop.security.GSSUPName.<init>(GSSUPName.java:97)
    at com.sun.enterprise.iiop.security.SecServerRequestInterceptor.createIdCred(SecServerRequestInterceptor.java:349)
    at com.sun.enterprise.iiop.security.SecServerRequestInterceptor.receive_request(SecServerRequestInterceptor.java:547)
    at com.sun.corba.ee.impl.interceptors.InterceptorInvoker.invokeServerInterceptorIntermediatePoint(InterceptorInvoker.java:612)
    at com.sun.corba.ee.impl.interceptors.PIHandlerImpl.invokeServerPIIntermediatePoint(PIHandlerImpl.java:612)
    at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.getServantWithPI(CorbaServerRequestDispatcherImpl.java:333)
    at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:196)
    at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequestRequest(CorbaMessageMediatorImpl.java:1624)
    at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:1486)
    at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleInput(CorbaMessageMediatorImpl.java:990)
    at com.sun.corba.ee.impl.protocol.giopmsgheaders.RequestMessage_1_2.callback(RequestMessage_1_2.java:214)        at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:742)
    at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.dispatch(CorbaMessageMediatorImpl.java:539)
    at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.doWork(CorbaMessageMediatorImpl.java:2324)
    at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.performWork(ThreadPoolImpl.java:497)
    at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:540)|#]

We solved it by disabling propagation for the remote EJBs on the server where the remote ejbs are deployed. Unfortunately, it seems we had to do that for every single remote EJB. At least the logs are more readable now. Disabling is done in glassfish-ejb-jar.xml for the ejb-jar file containing the remote ejbs.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-ejb-jar PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 EJB 3.1//EN" "http://glassfish.org/dtds/glassfish-ejb-jar_3_1-1.dtd">
<glassfish-ejb-jar>
    <enterprise-beans>
        <ejb>
            <ejb-name>RemoteEjb1</ejb-name>
            <ior-security-config>
                <sas-context>
                    <caller-propagation>NONE</caller-propagation>
                </sas-context>
            </ior-security-config>
        </ejb>
        <ejb>
            <ejb-name>RemoteEjb2</ejb-name>
            <ior-security-config>
                <sas-context>
                    <caller-propagation>NONE</caller-propagation>
                </sas-context>
            </ior-security-config>
        </ejb>
    </enterprise-beans>
</glassfish-ejb-jar>