From the FAQ:

Q1: Why cannot I access an ejb that has unchecked method permissions?
A1: The unchecked method permission only removes the requirement that the call 
have sufficient permissions in terms of roles. The caller still has to be an 
authenticated caller. If you don't care about caller authentication, use the 
unauthenticatedIdentity option of the security domain login module to grant 
anonymous callers a fixed identity.

I (think I) did just what this says:


<login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                flag = "required">
<module-option name="unauthenticatedIdentity">guest</module-option>
</login-module>
<login-module code="org.jboss.security.ClientLoginModule" flag="required"/>


I still get:

java.rmi.AccessException: SecurityException; nested exception is:
java.lang.SecurityException: Insufficient method permissions, principal=null, 
ejbName=SiteServices, method=create, interface=HOME, requiredRoles=[], 
principalRoles=[]

Why "principal=null"? Shouldn't principal always be at least guest?

I also tried adding this to my jboss.xml file, to no end:

guest

There are a couple of points I find confusing, though, so perhaps the answer to 
one of these questions will help solve the problem.

(1) When I say I want unauthenticatedIdentity to be "guest", does there need to 
actually be a user named "guest" defined for my security realm (i.e. in this 
case, in my users.properties file)? I am closely following the examples in a 
book called "JBoss At Work", and their example doesn't show that there is a 
need for this. I did try adding such a user, but it didn't help.

(2) In ejb-jar, I defined a security role "guest", as per the book:

<security-role>
        <role-name>guest</role-name>
</security-role>

I then assigned "guest" security to my EJB:

<method-permission>
        <role-name>guest</role-name>
        <method>
                <ejb-name>SiteServices</ejb-name>
                <method-name>*</method-name>
        </method>
</method-permission>

Is "guest" some kind of a reserved word in this case? If not, then I don't 
understand why a made-up user called "guest" would also have a role named 
"guest". Do I need to create a guest user in my properties file and give it a 
role called "guest"?

I also tried it without the method-permission element; same result.

Methods I've tagged as requiring an actual role do work when I'm logged in as a 
user with that role, so I'm doing something right. Just need to crack this 
guest thing.

Thanks.

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3918796#3918796
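
An added example, not part of the original post or of JBoss: a small audit script for the combination the FAQ describes, listing which security domains set unauthenticatedIdentity and which EJB methods are marked unchecked. The sample descriptors are constructed; the domain name "example-domain", the "admin" role and the "remove" method are assumptions, and the descriptors are assumed to be DTD-style with no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed samples, not from the post. "example-domain" and the remove
# method are assumptions; descriptors are DTD-style (no XML namespace).
LOGIN_CONFIG = """<policy>
 <application-policy name="example-domain"><authentication>
  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                flag="required">
   <module-option name="unauthenticatedIdentity">guest</module-option>
  </login-module>
 </authentication></application-policy>
</policy>"""

EJB_JAR = """<ejb-jar><assembly-descriptor>
 <security-role><role-name>admin</role-name></security-role>
 <method-permission><unchecked/>
  <method><ejb-name>SiteServices</ejb-name><method-name>create</method-name></method>
 </method-permission>
 <method-permission><role-name>admin</role-name>
  <method><ejb-name>SiteServices</ejb-name><method-name>remove</method-name></method>
 </method-permission>
</assembly-descriptor></ejb-jar>"""

def anonymous_identities(login_config_xml):
    """Map each security domain to its unauthenticatedIdentity, if one is set."""
    found = {}
    for policy in ET.fromstring(login_config_xml).iter("application-policy"):
        for opt in policy.iter("module-option"):
            if opt.get("name") == "unauthenticatedIdentity":
                found[policy.get("name")] = (opt.text or "").strip()
    return found

def method_permissions(ejb_jar_xml):
    """Yield (ejb, method, roles); roles is None when <unchecked/> is present."""
    for mp in ET.fromstring(ejb_jar_xml).iter("method-permission"):
        unchecked = mp.find("unchecked") is not None
        roles = None if unchecked else sorted(r.text.strip() for r in mp.findall("role-name"))
        for m in mp.findall("method"):
            yield m.findtext("ejb-name"), m.findtext("method-name"), roles

def anonymous_exposure(login_config_xml, ejb_jar_xml):
    """List unchecked methods an anonymous caller could reach via a fixed identity."""
    if not anonymous_identities(login_config_xml):
        return []  # no domain hands out an identity to unauthenticated callers
    return [(e, m) for e, m, roles in method_permissions(ejb_jar_xml) if roles is None]

if __name__ == "__main__":
    print(anonymous_identities(LOGIN_CONFIG))
    for ejb, method in anonymous_exposure(LOGIN_CONFIG, EJB_JAR):
        print(f"anonymous-reachable: {ejb}.{method}")
```

The script does not read jboss.xml, so it does not check which security domain a given bean is actually bound to; treat its output as a list of candidates to review.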
