There was another method permission set on findByPrimaryKey().
Orion obviously calls this method for a remote object when you call a 
remote-method on that object (presumably for up-to-date checks).

Thus a remote-method may only be invoked by a user that belongs to roles for 
both the remote-method in question and for any subsequently needed 
Home/Remote methods.

Pretty obvious when you look at it that way, isn't it?
Only methods implicitly called by OrionServer are not always that obvious. ;-)

Yours

Armin Michel

On Tuesday 08 May 2001 15:52, you wrote:
> Following situation:
>
> - I restricted method permission of method "foo" to role "bar"
> - if I do:
>
>       roleManager.addToRole(ctx.getCallerPrincipal(),"bar");
>       foo();
>
>    everything works just fine.
>
> - if I create a (temporary) user (e.g. user123), add him to role "bar" then
>    log him in with the RoleManager and finally do a foo(), I get a
>    security-exception. (see below).
>
> Why?
> Are there some default-roles that I have to add a newly created user to?
> Are there any further group-permissions I've got to set for group "bar"?
> (I took the permissions of group "users").
>
>
> For completeness:
> - I have also created a group named "bar" (in principal.xml) and specified
> a security-role-mapping (in orion-ejb.xml).
> - Furthermore I added a security-role definition for "bar" in both the
> application.xml and the ejb-jar.xml
> - I have also tried the "<default-ejb-caller-role>" role and then
>    changed the default-method-access to role "bar".
> - I also triple-checked that ctx.isCallerInRole("bar") returns true;
>    just the line before I call foo().
>
>
> The exception:
>
>      [java] javax.transaction.TransactionRolledbackException:
> com.evermind.server.rmi.OrionRemoteException: user123 is not allowed to
> call this EJB method, check your security settings (method-permission in
> ejb-jar.xml and security-role-mapping in orion-application.xml).
>      [java]     at com.evermind.server.rmi.bb.invokeMethod(JAX)
>      [java]     at com.evermind.server.rmi.a2.invoke(JAX)
>      [java]     at com.evermind.server.rmi.a3.invoke(JAX)
>
> Ideas, or even solutions?
>
> Armin Michel
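
The fix described in the reply, as an added example that is not part of the original thread: an ejb-jar.xml assembly-descriptor fragment that grants role "bar" both the remote method foo and the home method findByPrimaryKey. The bean name ExampleBean is an assumption; foo, bar and findByPrimaryKey come from the messages.

```xml
<!-- Added example, not from the thread. ExampleBean is a hypothetical
     entity bean name; foo, bar and findByPrimaryKey come from the messages. -->
<assembly-descriptor>
  <security-role>
    <role-name>bar</role-name>
  </security-role>

  <method-permission>
    <role-name>bar</role-name>

    <!-- The business method the caller invokes directly. -->
    <method>
      <ejb-name>ExampleBean</ejb-name>
      <method-intf>Remote</method-intf>
      <method-name>foo</method-name>
    </method>

    <!-- The home method that, per the reply, the container calls
         implicitly when a remote method is invoked. If "bar" is not
         listed here, foo() is rejected even though foo itself is
         permitted for "bar". -->
    <method>
      <ejb-name>ExampleBean</ejb-name>
      <method-intf>Home</method-intf>
      <method-name>findByPrimaryKey</method-name>
    </method>
  </method-permission>
</assembly-descriptor>
```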
