4 Replies Latest reply on Jan 30, 2003 4:04 AM by panosk

    Environment with Logged and Non-Logged Users

    farmboy

      I desire to have an ejb environment where I may have clients that do not log on, along with clients that do.

      If they log on, they have rights to their roles.

      If they don't log on, they have default rights.
      The unauthenticatedIdentity="nobody" doesn't seem to help me. I assume because I never invoke the LoginContext. The error message at the server for failure to login is:
      [ERROR,SecurityInterceptor] Insufficient method permissions, principal=null, method=create, requiredRoles=[nobody], principalRoles=[]

      So I guess the question is how can I set the client's principal without them logging in?

      Appreciate!

        • 1. Re: Environment with Logged and Non-Logged Users


          > So I guess the question is how can I set the client's principal without them logging in?

          That's what the unauthenticatedIdentity setting is for.

          What do your ejb settings and your server auth.conf look like?

          Luke.

          • 2. Re: Environment with Logged and Non-Logged Users
            farmboy

            Here is the portion of auth.conf for the module:
            db {
                org.jboss.security.auth.spi.DatabaseServerLoginModule required
                    dsJndiName="java:/BetterLIMSDS"
                    principalsQuery="select password as passwd from dbuser where userid=?"
                    rolesQuery="select GroupName as UserRoles, 'Roles' as Roles from group_user where userid=?"
                    unauthenticatedIdentity="nobody"
                    ;
            };

            Here's a portion of the ejb-jar for the security access:
            <assembly-descriptor>
              <security-role>
                <role-name>AuthorizedUser</role-name>
              </security-role>
              <security-role>
                <role-name>nobody</role-name>
              </security-role>
              <method-permission>
                <description>Example of security with roles for the SecureHello</description>
                <role-name>nobody</role-name>
                <method>
                  <ejb-name>Hello</ejb-name>
                  <method-name>*</method-name>
                </method>
              </method-permission>

            I guess a question I have at this point: does the unauthenticatedIdentity of "nobody" have to exist in the database with some roles defined? Or is this a role that is automatically defined for those not logged on?

            I appreciate all your feedback, Luke.

            • 3. Re: Environment with Logged and Non-Logged Users
              ubxwgm

              It seems that unauthenticatedIdentity provides a principal to use like a "normal" user.

              So either you mark the required methods as "unchecked" or you have to create some mapping from nobody to the roles you need.

              regards Michael
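
The first option from the reply above, written out as an added example (not posted by anyone in this thread). It assumes an EJB 2.0 ejb-jar.xml, where `<unchecked/>` takes the place of the role list in a method-permission; the `Hello` bean, `create` and `AuthorizedUser` come from the thread, while `sayHello` and `secureHello` are hypothetical method names.

```xml
<assembly-descriptor>
  <security-role>
    <role-name>AuthorizedUser</role-name>
  </security-role>

  <!-- Callable by any caller, logged in or not: no role check is made,
       so the unauthenticated principal needs no role mapping. -->
  <method-permission>
    <unchecked/>
    <method>
      <ejb-name>Hello</ejb-name>
      <method-name>create</method-name>
    </method>
    <method>
      <ejb-name>Hello</ejb-name>
      <method-name>sayHello</method-name> <!-- hypothetical method -->
    </method>
  </method-permission>

  <!-- Still role-gated: only callers whose login yields AuthorizedUser. -->
  <method-permission>
    <role-name>AuthorizedUser</role-name>
    <method>
      <ejb-name>Hello</ejb-name>
      <method-name>secureHello</method-name> <!-- hypothetical method -->
    </method>
  </method-permission>
</assembly-descriptor>
```

Listing the open methods by name rather than using `*` keeps the role check in force for everything else on the bean.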

              • 4. Re: Environment with Logged and Non-Logged Users
                panosk

                I have the same problem. I have defined unauthenticatedPrincipal (or even IdentityLoginModule) but I still get the following error:

                java.lang.RuntimeException: checkSecurityAssociation; CausedByException is:
                Authentication exception, principal=null

                from my ejbs.