I have a security domain declared in jboss.xml and the same sec domain declared in jboss-web.xml. I'm using the JBoss UsersRolesLoginModule for that domain.
When I access the context root for the protected .war, I properly see my forms-based login challenge, which properly rejects invalid username/passwds and properly accepts a username/passwd in users.properties. I then click on a link which hits things on the EJB side and get this exception:

13:45:12,143 INFO [STDOUT] Caused by: java.lang.SecurityException: Insufficient method permissions, principal=testUser, method=create, interface=HOME, requiredRoles=[], principalRoles=[TestRole1, TestRole2]

You can see the JAAS authn worked and the principal is populated with the correct identity and has the required roles. These are the only two roles required anywhere in the application.

If the method is being protected and the error is insufficient permissions, then why is requiredRoles empty? If the method has no required roles, then why is it protected?

Is the discrepancy between requiredRoles (empty) and principalRoles (the two required roles) causing the exception? In other words, is the decision made on a direct inclusion set compare of the two? If this is the case, then the problem is that the requiredRoles are not being properly established. If so, how do I do that? If this is not the case, then the exception is happening for another reason and I would appreciate a pointer to the light.

Thanks,
John

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3863978#3863978
