Are you using the default user manager (the one using the principal files)?

In that case it is easy to check what's happening by adding 
roleManager.store() in your code. That'll store all your changes in the 
principal files. After that it's a piece of cake to check the relations.

'user123' should be a member of one of the groups that are mapped to your 
'bar' role (i.e. bar group).

I can remember I struggled some time ago with the RoleManager and the 
UserManager as well. After a while I realized that they offer RoleManagement 
plus some convenience methods (like createPrincipal) which sometimes gets 
confusing.

The UserManager should manage users and groups, the RoleManager manages 
roles and stores changes to persistence (why can't you do that using the 
UserManager?).

[Early postings to this list clarify also some of these issues]

FE


On Tuesday, May 08, 2001 3:53 PM, Armin Michel 
[SMTP:[EMAIL PROTECTED]] wrote:
> Following situation:
>
> - I restricted method permission of method "foo" to role "bar"
> - if I do:
>
>       roleManager.addToRole(ctx.getCallerPrincipal(),"bar");
>       foo();
>
>    everything works just fine.
>
> - if I create a (temporary) user (e.g. user123), add him to role "bar" then
>    log him in with the RoleManager and finally do a foo(), I get a
>    security-exception. (see below).
>
> Why?
> Are there some default-roles that I have to add a newly created user to?
> Are there any further group-permissions I've got to set for group "bar"?
> (I took the permissions of group "users").
>
>
> For completeness:
> - I have also created a group named "bar" (in principal.xml) and specified a
> security-role-mapping (in orion-ejb.xml).
> - Furthermore I added a security-role definition for "bar" in both the
> application.xml and the ejb-jar.xml
> - I have also tried the "<default-ejb-caller-role>" role and then
>    changed the default-method-access to role "bar".
> - I also triple checked that ctx.isCallerInRole("bar") returns true;
>    just the line before I call foo().
>
>
> The exception:
>
>      [java] javax.transaction.TransactionRolledbackException:
> com.evermind.server.rmi.OrionRemoteException: user123 is not allowed to call
> this EJB method, check your security settings (method-permission in
> ejb-jar.xml and security-role-mapping in orion-application.xml).
>      [java]     at com.evermind.server.rmi.bb.invokeMethod(JAX)
>      [java]     at com.evermind.server.rmi.a2.invoke(JAX)
>      [java]     at com.evermind.server.rmi.a3.invoke(JAX)
>
> Ideas, or even solutions?
>
> Armin Michel
> 
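
Added example, not part of the original thread and not Orion code: an offline check of the relation described in the reply, that 'user123' must belong to a group mapped to the 'bar' role, run against the stored principal file and the role mapping. The XML layout (group-membership, security-role-mapping with group/user children) is an assumption about the Orion file format, and both documents below are constructed samples.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a stored principal file (layout assumed, trimmed).
PRINCIPALS = """
<principals>
  <groups>
    <group name="users"/>
    <group name="bar"/>
  </groups>
  <users>
    <user username="user123"><group-membership group="users"/></user>
    <user username="alice">
      <group-membership group="users"/>
      <group-membership group="bar"/>
    </user>
  </users>
</principals>
"""

# Constructed sample of the deployment descriptor part that maps role -> group.
ROLE_MAPPING = """
<orion-ejb-jar>
  <assembly-descriptor>
    <security-role-mapping name="bar"><group name="bar"/></security-role-mapping>
  </assembly-descriptor>
</orion-ejb-jar>
"""

def groups_of(principals_xml, username):
    """Groups the user belongs to, or None if the user was never persisted."""
    for user in ET.fromstring(principals_xml).iter("user"):
        if user.get("username") == username:
            return {m.get("group") for m in user.findall("group-membership")}
    return None

def roles_of(principals_xml, mapping_xml, username):
    """Roles the user reaches through a mapped group or a direct user mapping."""
    groups = groups_of(principals_xml, username) or set()
    roles = set()
    for mapping in ET.fromstring(mapping_xml).iter("security-role-mapping"):
        mapped_groups = {g.get("name") for g in mapping.findall("group")}
        mapped_users = {u.get("name") for u in mapping.findall("user")}
        if groups & mapped_groups or username in mapped_users:
            roles.add(mapping.get("name"))
    return roles

if __name__ == "__main__":
    for name in ("user123", "alice", "ghost"):
        print(name, groups_of(PRINCIPALS, name), roles_of(PRINCIPALS, ROLE_MAPPING, name))
```

An empty role set for a user who exists in the file points at a missing group membership; a `None` group result means the user never reached the principal file at all.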
