Following situation:

- I restricted method permission of method "foo" to role "bar"
- if I do: 

        roleManager.addToRole(ctx.getCallerPrincipal(),"bar");
        foo();

   everything works just fine.

- if I create a (temporary) user (e.g. user123), add him to role "bar" then
   log him in with the RoleManager and finally do a foo(), I get a
   security exception (see below).

Why? 
Are there some default-roles that I have to add a newly created user to?
Are there any further group-permissions I've got to set for group "bar"? 
(I took the permissions of group "users").


For completeness: 
- I have also created a group named "bar" (in principal.xml) and specified a 
security-role-mapping (in orion-ejb.xml). 
- Furthermore I added a security-role definition for "bar" in both the 
application.xml and the ejb-jar.xml
- I have also tried the "<default-ejb-caller-role>" role and then
   changed the default-method-access to role "bar".
- I also triple-checked that ctx.isCallerInRole("bar") returns true;
   just the line before I call foo().


The exception:

     [java] javax.transaction.TransactionRolledbackException: com.evermind.server.rmi.OrionRemoteException: user123 is not allowed to call this EJB method, check your security settings (method-permission in ejb-jar.xml and security-role-mapping in orion-application.xml).
     [java]     at com.evermind.server.rmi.bb.invokeMethod(JAX)
     [java]     at com.evermind.server.rmi.a2.invoke(JAX)
     [java]     at com.evermind.server.rmi.a3.invoke(JAX)

Ideas, or even solutions?

Armin Michel
