I can get the principal and creds back to the EJB server from my test Java client. It
will even authenticate off of the jboss.UsersRolesLoginModule and/or my
own login module correctly. But for the life of me I cannot get the
server to see that I have set up method permissions.
My test client is getting a LoginContext successfully and then just calling an echo method on the
ApplicationBean session bean for testing. When the client calls appbeanhome.create() to
get a remote object, JBoss spits out:
18:15:31,610 ERROR [SecurityInterceptor] No method permissions assigned to method=create, interface=HOME
18:15:31,619 ERROR [LogInterceptor] EJBException, causedBy:
java.lang.SecurityException: No method permissions assigned to method=create, interface=HOME
.
.
.
After looking at the JBoss source for SecurityInterceptor (and from some testing of my
own), it looks like the isValid() method is getting called correctly.
Anyone see a mistake in my deploy desc?
Thanks!
dave
-----------------------------------------------------------------------------------------------------------------------------
Here's my setup:
JBoss 3.2.0, 3.2.1 and 3.2.2RC2
jboss.xml has:
<security-domain>java:/jaas/other</security-domain>
<unauthenticated-principal>Unknown</unauthenticated-principal>
This is also reflected in the login-config.xml file.
ejb-jar.xml has a big pile of beans, but these are the ones I've been testing against:
<ejb-jar>
<enterprise-beans>
<session>
<ejb-name>ApplicationBean</ejb-name>
<home>com.dave.gdscs.server.ejb.ApplicationHome</home>
<remote>com.dave.gdscs.server.ejb.Application</remote>
<ejb-class>com.dave.gdscs.server.ejb.ApplicationBean</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
<ejb-ref>
<ejb-ref-name>ejb/NetworkServiceSession</ejb-ref-name>
<ejb-ref-type>Session</ejb-ref-type>
<home>com.dave.gdscs.server.net.ejb.NetworkServiceSessionHome</home>
<remote>com.dave.gdscs.server.net.ejb.NetworkServiceSession</remote>
<ejb-link>NetworkServiceSession</ejb-link>
</ejb-ref>
<security-role-ref>
<role-name>User</role-name>
<role-link>User</role-link>
</security-role-ref>
<security-role-ref>
<role-name>Admin</role-name>
<role-link>Admin</role-link>
</security-role-ref>
<security-role-ref>
<role-name>Internal</role-name>
<role-link>Internal</role-link>
</security-role-ref>
<security-identity><use-caller-identity/></security-identity>
<!--
<security-identity>
<run-as>
<role-name>Internal</role-name>
</run-as>
</security-identity>
-->
</session>
<session>
<ejb-name>AccountManager</ejb-name>
<home>com.dave.gdscs.server.account.ejb.AccountManagerHome</home>
<remote>com.dave.gdscs.server.account.ejb.AccountManager</remote>
<ejb-class>com.dave.gdscs.server.account.ejb.AccountManagerBean</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
<ejb-local-ref>
<ejb-ref-name>ejb/AccountLocalHome</ejb-ref-name>
<ejb-ref-type>Entity</ejb-ref-type>
<local-home>com.dave.gdscs.server.account.ejb.AccountLocalHome</local-home>
<local>com.dave.gdscs.server.account.ejb.AccountLocal</local>
<ejb-link>AccountBean</ejb-link>
</ejb-local-ref>
<security-role-ref>
<role-name>User</role-name>
<role-link>User</role-link>
</security-role-ref>
<security-role-ref>
<role-name>Admin</role-name>
<role-link>Admin</role-link>
</security-role-ref>
<security-role-ref>
<role-name>Internal</role-name>
<role-link>Internal</role-link>
</security-role-ref>
<security-identity>
<run-as>
<role-name>Internal</role-name>
</run-as>
</security-identity>
</session>
</enterprise-beans>
<relationships>
<!-- removed for space -->
</relationships>
<assembely-descriptor>
<security-role>
<role-name>Admin</role-name>
</security-role>
<security-role>
<role-name>User</role-name>
</security-role>
<security-role>
<role-name>Internal</role-name>
</security-role>
<method-permission>
<role-name>Internal</role-name>
<role-name>Admin</role-name>
<role-name>User</role-name>
<method>
<ejb-name>ApplicationBean</ejb-name>
<method-name>*</method-name>
</method>
<method>
<ejb-name>AccountManager</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
<container-transaction>
<method>
<ejb-name>ApplicationBean</ejb-name>
<method-name>*</method-name>
</method>
<method>
<ejb-name>AccountManager</ejb-name>
<method-name>*</method-name>
</method>
<trans-attribute>Required</trans-attribute>
</container-transaction>
</assembely-descriptor>
</ejb-jar>
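
A descriptor check for the "No method permissions assigned" error above, as an added example that is not part of the original post or of JBoss. It assumes the container reads method permissions only from an element named `assembly-descriptor`, as the EJB 2.0 DTD spells it; `lint_descriptor` and the cut-down sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Top-level children of <ejb-jar> defined by the EJB 2.0 DTD.
EJB_JAR_CHILDREN = {"description", "display-name", "small-icon", "large-icon",
                    "enterprise-beans", "relationships",
                    "assembly-descriptor", "ejb-client-jar"}

# Constructed sample: a cut-down descriptor with the same shape as the one in the post.
SAMPLE = """<ejb-jar>
  <enterprise-beans>
    <session><ejb-name>ApplicationBean</ejb-name></session>
    <session><ejb-name>AccountManager</ejb-name></session>
  </enterprise-beans>
  <assembely-descriptor>
    <method-permission>
      <role-name>User</role-name>
      <method><ejb-name>ApplicationBean</ejb-name><method-name>*</method-name></method>
      <method><ejb-name>AccountManager</ejb-name><method-name>*</method-name></method>
    </method-permission>
  </assembely-descriptor>
</ejb-jar>"""


def lint_descriptor(xml_text):
    """Return (unknown_elements, beans_without_permissions) for an ejb-jar.xml string."""
    root = ET.fromstring(xml_text)
    # Element names the DTD does not define are silently skipped by a
    # non-validating parser, so report them explicitly.
    unknown = [child.tag for child in root if child.tag not in EJB_JAR_CHILDREN]
    beans = [e.text.strip() for e in root.findall("./enterprise-beans/*/ejb-name")]
    # Assumption: only permissions under a correctly named assembly-descriptor count.
    covered = {e.text.strip() for e in root.findall(
        "./assembly-descriptor/method-permission/method/ejb-name")}
    return unknown, [b for b in beans if b not in covered]


if __name__ == "__main__":
    unknown, uncovered = lint_descriptor(SAMPLE)
    for tag in unknown:
        print("unrecognised element under <ejb-jar>:", tag)
    for bean in uncovered:
        print("no method-permission found for bean:", bean)
```

Running the same check in a build step catches descriptors where access-control entries exist in the file but sit under an element the container never reads.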