I am migrating a large JavaEE web app to a multi-module Maven form.
The roles declared for a specific EJB in the ejb-jar.xml are not being seen by that EJB when I run the multi-module web app.
The ejb-jar.xml is identical to the one I had in the single large web app (which worked fine), except for a change in the qualified name (packaging) of the EJB, which has been carefully matched in the new ejb-jar.xml.
The @Resource SessionContext ctx is working: it can see the Principal etc.
It just does not detect any of the roles from the ejb-jar.xml any more, so ctx.isCallerInRole(String) always fails.
I can use @DeclareRoles annotations in the EJB and it works (but that's not an acceptable solution, it's just for diagnosis).
The ejb-jar.xml in the EJB module is at:
.../src/main/resources/META-INF/ejb-jar.xml
Maven builds it to:
.../target/classes/META-INF/ejb-jar.xml
And it definitely makes it into the final target jar for the EJB module (I have even extracted it and checked).
The deployment is to the same Glassfish or Payara server as for the single large web app (where it worked fine).
I am not getting any relevant logged warnings of any kind during deployment.
Grateful for ideas about what else could be preventing the system from apparently catching the ejb-jar.xml on deployment of the multi-module web app project, or for suggestions on how to further diagnose the problem.
EDIT 2017-03-15: I found (after some sleep) that if I copy (or move) the ejb-jar.xml from the EJB module to .../src/main/webapp/WEB-INF/ of the web module it works as expected. But this is not quite a solution, as I want different web modules to be able to use the same EJB module, and also it means that the <security-role> and any <security-role-ref> and <role-link> are in one web module not the EJB module. I am also using the EJB module for REST services (independent of web role context) and want the same role concepts (so defined in the EJB module).
