-
1. Re: java.lang.SecurityException
luke_t Dec 9, 2001 1:17 PM (in response to twhphan)So it's telling you that you haven't set any permissions for the 'create' method in your ejb-jar.xml file. As in most security setups, you have to explicitly grant access. The default isn't to just allow access.
As for the principal, if you have logged in then it will be the username you logged in with. If you haven't then it will be the 'unauthenticatedIdentity' which you have specified in your auth.conf file. -
2. Re: java.lang.SecurityException
twhphan Dec 10, 2001 11:41 AM (in response to twhphan)Thanks Luke, I set the following:
mysql> select * from UserRole;
+----------+---------------+
| username | roleName |
+----------+---------------+
| twhphan | Administrator |
+----------+---------------+
ejb-jar.xml
===========
<security-role>
<role-name>Administrator</role-name>
</security-role>
<method-permission>
<role-name>Administrator</role-name>
<ejb-name>EJBObj</ejb-name>
<method-name>*</method-name>
</method-permission>
My JSP calls EJBObj, but still gets that error. What do I miss? Thanks again in advance -
3. Re: java.lang.SecurityException
twhphan Dec 10, 2001 11:52 AM (in response to twhphan)Sorry, I got it work, I just notice that I called 2 EJBs on my JSP page, and I didn't set the security for both, thanks
-
4. Re: java.lang.SecurityException
twhphan Dec 10, 2001 3:03 PM (in response to twhphan)Me again, I found that the EJB's secuity works great, but it affects my RMI object.
If I have <security-domain>java:/jaas/domain</security-domain> in my jboss.xml, and I bind a RMI object (JRMP version) with JBoss's JNDI. I get the following error when I attempt to invoke a RMI method
[Default] User 'nobody' authenticated.
[RMIObj] Authentication exception, principal=null
[Default] java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
java.lang.SecurityException: Authentication exception, principal=null
[Default] java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
java.lang.SecurityException: Authentication exception, principal=null
[Default] java.lang.SecurityException: Authentication exception, principal=null
[Default] at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:245)
Note: My RMI object works if I comment out the <security-domain> tag
There's no XML for RMI, and RMI doesn't bound to JBoss' security domain (I guess). Where can I correct this? May I bypass security only for my RMI object?
Thanks