6 Replies Latest reply on Apr 17, 2003 12:06 PM by petertje

    principalRoles=null after login from client app


      I have secured a stateless session bean with jaas, using custom login modules. When i login using a servlet, everything works fine, I can access the secured methods of the session bean.
      However, when i login from a client application, I get the following security exception when trying to call the create method of the session bean:

      java.lang.SecurityException: Insufficient method permissions, principal=jlust, method=create, interface=HOME, requiredRoles=[top], principalRoles=null

      The login modules do work as expected, the login succeeds and the correct principals are added to the "Roles" group of the Subject, but somehow the Roles-group is lost by the time the create-method is called.

      Does anyone know what i could be doing wrong here?