I did a fresh install of JBoss-2.4.1_Tomcat-3.2.3. Just in case, I made copies
of all the subdirs of "jboss/conf" (adding ".save" to the name). I modified
the "tomcat" configuration to match the need for my prototype application. I
was able to deploy it, and verify both the EJB and Servlet sides worked.
Then, I downloaded the JAAS-howto example from JavaWorld, associated with Scott
S.'s JAAS article. I changed the "build.xml" to point to my distribution, and
I was able to build and deploy the sample code.
I then brought down JBoss and started it again (with "run jaas_howto").
I started up my browser, and I visited
<http://localhost:8080/jaas-example1/index.html> and the display matched the
article.
I then clicked on the first link, according to the article, and entered "java"
for the username and "echoman" for the password, still according to the
article.
Then, I pressed Return. At that point, the login dialog went away and
immediately redisplayed. The "username" field still had "java", but the
password field was blank. I tried this several times, with the same results.
The article said I should see a "EJBServlet Accessed" page at this point.
When I cancel the login dialog, the page goes blank, but the URL field shows
<http://localhost:8080/jaas-example1/restricted/SecureServlet?method=echo>.
I then pressed BACK to get back to the index.html page. I tried the first link
again, with the same results.
I then tried links 2, 3, 4, with the same results. When I tried link 5, I got
an exception page about "javax.servlet.ServletException: Failed to call
SecuredEJB.echo", with a root cause exception of "java.rmi.RemoteException:
checkSecurityAssociation; nested exception is: java.lang.SecurityException:
Insufficient method permissions". I then pressed BACK.
I then tried link 1 again, and it went immediately to the "EJBServlet Accessed"
page. The same thing happens with links 2 and 6. Links 3, 4, and 5 still fail
with the same exception.
Here's the output from my server console, starting with the "Started in" line.
The next three lines appeared when I clicked on link 5, and the lines after
that appeared when I clicked on link 1 after pressing BACK after getting the
exception on link 5.
----------------------------------
[Default] JBoss 2.4.1 Started in 0m:12s
[Default] User 'nobody' authenticated.
[PublicSession] Insufficient method permissions, principal=null,
method=create,requiredRoles=[Coder, Echo]
[Default] User 'java' authenticated.
[Default] PublicSessionBean.ejbCreate() called
[Default] PublicSessionBean.echo, arg=Hello
[Default] PublicSessionBean.echo, callerPrincipal=caller_java
[Default] PublicSessionBean.echo, isCallerInRole('EchoUser')=true
[Default] PrivateSessionBean.ejbCreate() called
[Default] PublicSessionBean.echo, created PrivateSession
[Default] PrivateSessionBean.echo, arg=Hello
[Default] PrivateSessionBean.echo, callerPrincipal=caller_java
[Default] PrivateSessionBean.echo, isCallerInRole('InternalUser')=false
[Default] PublicSessionBean.ejbCreate() called
----------------------------------
I tried this with both IE and Mozilla, and they behaved identically, wrt when
the login dialog was displayed.
--
===================================================================
David M. Karr ; Best Consulting
[EMAIL PROTECTED] ; Java/Unix/XML/C++/X ; BrainBench CJ12P (#12004)
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
