I've been attempting to get security turned on for a project and have gotten stumped.

I can get the principal and creds back to the ejb server from my test java client. It
will even authenticate off of the jboss.UsersRolesLoginModule and/or my
own login module correctly. But for the life of me I cannot get the
server to see that I have set up method permissions.


My test client is getting a LoginContext successfully and then just calling an echo method on the
ApplicationBean session bean for testing. When the client calls appbeanhome.create() to
get a remote object jboss spits out:




18:15:31,610 ERROR [SecurityInterceptor] No method permissions assigned to method=create, interface=HOME
18:15:31,619 ERROR [LogInterceptor] EJBException, causedBy:
java.lang.SecurityException: No method permissions assigned to method=create, interface=HOME
.
.
.


After looking at the jboss source for SecurityInterceptor (and from some testing of my
own) it looks like the isValid() method is getting called correctly.


Anyone see a mistake in my deploy desc?

Thanks!


dave


-----------------------------------------------------------------------------------------------------------------------------


Here's my setup:


JBoss 3.2.0, 3.2.1 and 3.2.2RC2

jboss.xml has:
   <security-domain>java:/jaas/other</security-domain>
   <unauthenticated-principal>Unknown</unauthenticated-principal>

This is also reflected in the login-config.xml file.


ejb-jar.xml has a big pile of beans but these are the ones I've been testing against:


<ejb-jar>
   <enterprise-beans>
       <session>
           <ejb-name>ApplicationBean</ejb-name>
           <home>com.dave.gdscs.server.ejb.ApplicationHome</home>
           <remote>com.dave.gdscs.server.ejb.Application</remote>
           <ejb-class>com.dave.gdscs.server.ejb.ApplicationBean</ejb-class>
           <session-type>Stateless</session-type>
           <transaction-type>Container</transaction-type>
           <ejb-ref>
               <ejb-ref-name>ejb/NetworkServiceSession</ejb-ref-name>
               <ejb-ref-type>Session</ejb-ref-type>
               <home>com.dave.gdscs.server.net.ejb.NetworkServiceSessionHome</home>
               <remote>com.dave.gdscs.server.net.ejb.NetworkServiceSession</remote>
               <ejb-link>NetworkServiceSession</ejb-link>
           </ejb-ref>
           <security-role-ref>
               <role-name>User</role-name>
               <role-link>User</role-link>
           </security-role-ref>
           <security-role-ref>
               <role-name>Admin</role-name>
               <role-link>Admin</role-link>
           </security-role-ref>
           <security-role-ref>
               <role-name>Internal</role-name>
               <role-link>Internal</role-link>
           </security-role-ref>
           <security-identity><use-caller-identity/></security-identity>
           <!--
           <security-identity>
               <run-as>
                   <role-name>Internal</role-name>
               </run-as>
           </security-identity>
           -->
       </session>
       <session>
           <ejb-name>AccountManager</ejb-name>
           <home>com.dave.gdscs.server.account.ejb.AccountManagerHome</home>
           <remote>com.dave.gdscs.server.account.ejb.AccountManager</remote>
           <ejb-class>com.dave.gdscs.server.account.ejb.AccountManagerBean</ejb-class>
           <session-type>Stateless</session-type>
           <transaction-type>Container</transaction-type>
           <ejb-local-ref>
               <ejb-ref-name>ejb/AccountLocalHome</ejb-ref-name>
               <ejb-ref-type>Entity</ejb-ref-type>
               <local-home>com.dave.gdscs.server.account.ejb.AccountLocalHome</local-home>
               <local>com.dave.gdscs.server.account.ejb.AccountLocal</local>
               <ejb-link>AccountBean</ejb-link>
           </ejb-local-ref>
           <security-role-ref>
               <role-name>User</role-name>
               <role-link>User</role-link>
           </security-role-ref>
           <security-role-ref>
               <role-name>Admin</role-name>
               <role-link>Admin</role-link>
           </security-role-ref>
           <security-role-ref>
               <role-name>Internal</role-name>
               <role-link>Internal</role-link>
           </security-role-ref>
           <security-identity>
               <run-as>
                   <role-name>Internal</role-name>
               </run-as>
           </security-identity>
       </session>
   </enterprise-beans>


   <relationships>
    <!-- removed for space -->
   </relationships>
   <assembely-descriptor>
       <security-role>
           <role-name>Admin</role-name>
       </security-role>
       <security-role>
           <role-name>User</role-name>
       </security-role>
       <security-role>
           <role-name>Internal</role-name>
       </security-role>
       <method-permission>
           <role-name>Internal</role-name>
           <role-name>Admin</role-name>
           <role-name>User</role-name>
           <method>
               <ejb-name>ApplicationBean</ejb-name>
               <method-name>*</method-name>
           </method>
           <method>
               <ejb-name>AccountManager</ejb-name>
               <method-name>*</method-name>
           </method>
       </method-permission>
       <container-transaction>
           <method>
               <ejb-name>ApplicationBean</ejb-name>
               <method-name>*</method-name>
           </method>
           <method>
               <ejb-name>AccountManager</ejb-name>
               <method-name>*</method-name>
           </method>
           <trans-attribute>Required</trans-attribute>
       </container-transaction>
   </assembely-descriptor>
</ejb-jar>



_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
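
Added example, not part of the original post: a small descriptor lint for the situation described above, where the container reports no method permissions although the descriptor contains a method-permission block. It flags top-level elements that the EJB 2.0 `ejb-jar` DTD does not define (the posted descriptor spells the element `assembely-descriptor`) and beans left without a `<method-permission>` entry. The function name and the trimmed sample are constructed for illustration, and a DTD-era descriptor without XML namespaces is assumed.

```python
import xml.etree.ElementTree as ET

# Child elements the EJB 2.0 DTD allows directly under <ejb-jar>.
EJB_JAR_CHILDREN = {"description", "display-name", "small-icon", "large-icon",
                    "enterprise-beans", "relationships", "assembly-descriptor",
                    "ejb-client-jar"}

# Constructed sample: the posted descriptor reduced to the parts the check reads.
SAMPLE = """<ejb-jar>
  <enterprise-beans>
    <session><ejb-name>ApplicationBean</ejb-name></session>
    <session><ejb-name>AccountManager</ejb-name></session>
  </enterprise-beans>
  <assembely-descriptor>
    <method-permission>
      <role-name>User</role-name>
      <method><ejb-name>ApplicationBean</ejb-name><method-name>*</method-name></method>
      <method><ejb-name>AccountManager</ejb-name><method-name>*</method-name></method>
    </method-permission>
  </assembely-descriptor>
</ejb-jar>"""

def lint_descriptor(xml_text):
    """Return a list of findings for an ejb-jar.xml passed as a string."""
    root = ET.fromstring(xml_text)
    findings = []
    # Elements outside the DTD are never read by code that looks children up by name.
    for child in root:
        if child.tag not in EJB_JAR_CHILDREN:
            findings.append("unknown element <%s> under <ejb-jar>" % child.tag)
    # Session and entity beans expose client methods that need permissions.
    beans = [bean.findtext("ejb-name", "").strip()
             for kind in ("session", "entity")
             for bean in root.findall("enterprise-beans/" + kind)]
    # Only entries under the correctly named <assembly-descriptor> count as coverage.
    covered = {m.findtext("ejb-name", "").strip()
               for m in root.findall("assembly-descriptor/method-permission/method")}
    for name in beans:
        if name not in covered:
            findings.append("bean %s has no <method-permission> entry" % name)
    return findings

if __name__ == "__main__":
    for finding in lint_descriptor(SAMPLE):
        print(finding)
```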
