Another problem with method-permission :(
rsolod Jan 24, 2002 9:37 AMI need to have no security checking for create of EJB session-bean, but other's methods should be secured. So I create a ejb-jar file like this:
<ejb-jar>
<enterprise-beans>
<ejb-name>ClientControllerEJB</ejb-name>
...............
<security-role-ref>
<role-name>trainee</role-name>
<role-link>trainee</role-link>
</security-role-ref>
<security-role-ref>
<role-name>trader</role-name>
<role-link>trader</role-link>
</security-role-ref>
</enterprise-beans>
<assembly-descriptor>
<security-role>
<role-name>trainee</role-name>
</security-role>
<security-role>
<role-name>trader</role-name>
</security-role>
<method-permission>
<role-name>trader</role-name>
<ejb-name>ClientControllerEJB</ejb-name>
<method-name>*</method-name>
</method-permission>
<method-permission>
<role-name>trainee</role-name>
<ejb-name>ClientControllerEJB</ejb-name>
<method-name>*</method-name>
</method-permission>
<method-permission>
<ejb-name>ClientControllerEJB</ejb-name>
<method-name>create</method-name>
</method-permission>
</assembly-descriptor>
</ejb-jar>
BUT! Exception uccured during create, couse user is unsuthenticated. (he is realy not authentificaled yet). Who can help me?
Received throwable with Message: checkSecurityAssociation; nested exception is:
java.lang.SecurityException: Authentication exception, principal=null; nested exception is:
java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
java.lang.SecurityException: Authentication exception, principal=null
javax.transaction.TransactionRolledbackException: checkSecurityAssociation; nested exception is:
java.lang.SecurityException: Authentication exception, principal=null; nested exception is:
java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
java.lang.SecurityException: Authentication exception, principal=null
java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
java.lang.SecurityException: Authentication exception, principal=null
java.lang.SecurityException: Authentication exception, principal=null
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:213)
at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:144)
at org.jboss.ejb.plugins.StatefulSessionInstanceInterceptor.invokeHome(StatefulSessionInstanceInterceptor.java:99)
at org.jboss.ejb.plugins.TxInterceptorCMT.invokeNext(TxInterceptorCMT.java:135)
at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:263)
at org.jboss.ejb.plugins.TxInterceptorCMT.invokeHome(TxInterceptorCMT.java:86)
at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:106)
at org.jboss.ejb.StatefulSessionContainer.invokeHome(StatefulSessionContainer.java:311)
at org.jboss.ejb.plugins.jrmp.server.JRMPContainerInvoker.invokeHome(JRMPContainerInvoker.java:436)
at org.jboss.ejb.plugins.jrmp.interfaces.HomeProxy.invoke(HomeProxy.java:212)
at $Proxy47.create(Unknown Source)
at ua.kiev.softline.forex.control.web.ModelManager.getCC(ModelManager.java:95)
Is it possible to create session-bean accessible for authorized and dot'n authentificaled users?