André Simões [http://community.jboss.org/people/asimoes] created the discussion
"Security question about DatabaseServerLoginModule and SOAPFaultException"

To view the discussion, visit: http://community.jboss.org/message/567219#567219

--------------------------------------------------------------

Hi.

I want to know how I can solve the SOAPFaultException error that JBoss sends when a valid user tries to access a role that does not belong to it.

Example of code exception with a C# client

    @WebContext(contextRoot = "/HeComm", transportGuarantee = "NONE", authMethod = "BASIC", secureWSDLAccess = false)
    @SecurityDomain("DBLogin")
    @PermitAll
    @RolesAllowed({"admin", "ws"})
    public class WebSecurityBean implements WebSecurity {

        @WebMethod
        @RolesAllowed({"admin"})
        public String echoForAdministrator(String str) {
            checkPrincipal();
            log.debug(str);
            return str;
        }

        @WebMethod
        @PermitAll
        public String echoForAll(String str) {
            checkPrincipal();
            log.debug(str);
            return str;
        }

        @WebMethod
        @DenyAll
        public String echoForNobody(String str) {
            checkPrincipal();
            log.debug(str);
            return str;
        }

        @WebMethod
        @RolesAllowed({"ws"})
        public String echoForUser(String str) {
            checkPrincipal();
            log.debug(str);
            return str;
        }

        @WebMethod
        @RolesAllowed({"ManageUsers"})
        public String echoForManageUsers(String str) {
            checkPrincipal();
            log.debug(str);
            return str;
        }
    }

If my C# client has an invalid user or password, JBoss sends a message telling that.

If my C# client has a valid user and password, JBoss throws an exception in methods that are not allowed for my user role. My user has role "ws" and if I call method echoForAdministrator or echoForNobody or echoForManageUsers I get an exception that starts like this:

    ERROR [SOAPFaultHelperJAXWS] SOAP request exception
    javax.ejb.EJBAccessException: Caller unauthorized
        at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:199)
        . . . .

In C# I get an exception that is OK, the user is not allowed to use this method, but why does JBoss receive an error exception from SOAP?
Can I do something to eliminate this exception? I'm using JBOSS 5.10 and authentication on Oracle DB.

--------------------------------------------------------------

Reply to this message by going to Community [http://community.jboss.org/message/567219#567219]

Start a new discussion in EJB 3.0 at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2029]
_______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
