Hi,

I started to use Orion 1.4.5 which seems to be a great product.
To get things started I ported our show-case J2EE application (a
conference management tool) over to Orion and I am almost done. Except
for this problem:

Whenever I call an EJB method I get the following exception:
---8<---
com.evermind.server.rmi.OrionRemoteException: falk is not allowed to
call this EJB method, check your security settings (method-permission in
ejb-jar.xml and security-role-mapping in orion-application.xml).
        at com.livis.livingtalks.model.LTUtils.handleException(LTUtils.java:72)
        at com.livis.livingtalks.model.LTUtils.createManage(LTUtils.java:163)
        at com.livis.livingtalks.web.TypeWebImpl.<init>(TypeWebImpl.java:24)
        at /types.jsp._jspService(/types.jsp.java:35)
        ...
--->8---
(Tracking in the code, it is a create()-method on the home-interface of
the 'ManageBean'. It is the first bean method called - so no method
presumably may be invoked.)

User 'falk' is a valid user which I configured and which I have
successfully logged in on the web tier.
User 'falk' has the following mapping in the corresponding files:

ejb-jar.xml (for the ManageBean which contains the EJB method):
---8<---
        <method-permission>
                <role-name>master</role-name>
                <method>
                        <ejb-name>ManageBean</ejb-name>
                        <method-name>*</method-name>
                </method>
        </method-permission>
--->8---
orion-application.xml:
---8<---
                <security-role-mapping name="master">
                        <group name="ltroot" />
                </security-role-mapping>
--->8---
principal.xml:
---8<---
<principals>
        <groups>
                <group name="ltroot">
                        <description>ltroot</description>
                        <permission name="rmi:login" />
                        <permission name="com.evermind.server.rmi.RMIPermission" />
                </group>
                ...
        </groups>
        <users>
                <user username="falk" password="123">
                        <description>The master</description>
                        <group-membership group="ltroot" />
                </user>
                ...
        </users>
</principals>
--->8---
This should mean that 'falk' is logged in and is in role 'master' and
may execute any method in the ManageBean.

Where is the problem????
Without any roles and corresponding mappings everything works ok.
It works fine, e.g. in Sun's RI with roles.
I tried without '<permission name="rmi...' - no change.

I have run out of ideas. Any help?
I also cannot see any documentation, sample code, not on orionserver or
orionsupport or the security-primer.


Thanks,
Falk
-- 
Dr. Falk Langhammer
Living Pages Research GmbH
Holzstr. 19                      D-80469 Munich, Germany
mailto:[EMAIL PROTECTED]      http://www.living-pages.de
Phone +49 (89) 260 255 32        Fax +49 (89) 260 255 35
Mobil +49 (171) 79 39 667
mailto:[EMAIL PROTECTED]  (urgent SMS with subject header)
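
Added example, not part of the original message and not Orion code: a static cross-check of the user -> group -> role -> method-permission chain that the three quoted fragments declare. The function names and the wrapper root elements around the fragments are assumptions made for the example; it reports only what the files declare, not how the server resolves the caller at run time.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the post's fragments, wrapped in root elements so they parse.
EJB_JAR = """<ejb-jar><assembly-descriptor>
  <method-permission><role-name>master</role-name>
    <method><ejb-name>ManageBean</ejb-name><method-name>*</method-name></method>
  </method-permission>
</assembly-descriptor></ejb-jar>"""
ORION_APP = """<orion-application>
  <security-role-mapping name="master"><group name="ltroot" /></security-role-mapping>
</orion-application>"""
PRINCIPALS = """<principals>
  <groups><group name="ltroot"><description>ltroot</description></group></groups>
  <users><user username="falk" password="123"><group-membership group="ltroot" /></user></users>
</principals>"""

def groups_of(principals_xml, username):
    """Groups the user belongs to, per its <group-membership> entries."""
    return {m.get("group") for u in ET.fromstring(principals_xml).iter("user")
            if u.get("username") == username for m in u.iter("group-membership")}

def roles_of(app_xml, groups):
    """Roles whose <security-role-mapping> lists at least one of the groups."""
    return {m.get("name") for m in ET.fromstring(app_xml).iter("security-role-mapping")
            if {g.get("name") for g in m.iter("group")} & groups}

def permitted_roles(ejb_jar_xml, ejb_name, method_name):
    """Roles granted the method by <method-permission>; '*' matches any method."""
    roles = set()
    for mp in ET.fromstring(ejb_jar_xml).iter("method-permission"):
        for m in mp.iter("method"):
            if (m.findtext("ejb-name", "").strip() == ejb_name
                    and m.findtext("method-name", "").strip() in ("*", method_name)):
                roles |= {(r.text or "").strip() for r in mp.iter("role-name")}
    return roles

def trace(username, ejb_name, method_name,
          principals=PRINCIPALS, app=ORION_APP, ejb_jar=EJB_JAR):
    """Return (allowed, reason); reason names the first missing link of the chain."""
    groups = groups_of(principals, username)
    if not groups:
        return False, f"user {username!r} has no group-membership"
    roles = roles_of(app, groups)
    if not roles:
        return False, f"groups {sorted(groups)} map to no security-role"
    granted = roles & permitted_roles(ejb_jar, ejb_name, method_name)
    if not granted:
        return False, f"roles {sorted(roles)} have no method-permission on {ejb_name}.{method_name}"
    return True, f"{username} -> {sorted(groups)} -> {sorted(granted)} -> {ejb_name}.{method_name}"
```

Run against the fragments as posted, `trace("falk", "ManageBean", "create")` reports the chain as complete, so a rejection at call time is not explained by a missing link in these three declarations.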
