ERROR [SecurityInterceptor] Insufficient method permissions,
pkrishna Jul 11, 2003 7:03 PMI am trying to port a security application that I downloaded from the web to Jboss 3.x env. While the client login seems to work the server side login fails with the following exception:
16:30:52,185 ERROR [LogInterceptor] EJBException, causedBy:
java.lang.SecurityException: Insufficient method permissions, principal=Eric, me
thod=create, interface=HOME, requiredRoles=[], principalRoles=null
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(Se
curityInterceptor.java:228)
at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityIntercep
tor.java:94)
at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:1
33)
at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionCo
ntainer.java:300)
at org.jboss.ejb.Container.invoke(Container.java:756)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517)
THis happens when an ejb's create method is invoked.
I realize this topic has been discussed but since I couldn't fix the problem, I posing this issue and request help on this topic.
Here is a snippet of the login-config.xml I was using:
<application-policy name = "OciSRP">
<login-module code = "org.jboss.security.srp.jaas.SRPCacheLoginModule"
flag = "required">
<module-option name = "cacheJndiName">srp/AuthenticationCache</module-option>
</login-module>
<login-module code = "com.ociweb.jmx.jaas.srp.DatabaseRoleLoginModule"
flag = "required">
<module-option name = "dsJndiName">java:/security</module-option>
<module-option name = "rolesQuery">"SELECT Roles.name, 'Roles' FROM Roles,GroupRoles,Groups,UserGroups,Users WHERE Roles.id=GroupRoles.roleID AND GroupRoles.groupID=Groups.id AND UserGroups.groupID=Groups.ID AND UserGroups.userID=Users.id AND Users.username=?"</module-option>
<module-option name="password-stacking">useFirstPass</module-option>
</login-module>
</application-policy>
THe DatabaseRolesLoginModule is a custom module which implements initialize(), login(), getIdentity() and getRoleSets(). I put some print statements in this java file and couldn't see getIndentity() and getRoleSets() being called but login() gets called.
Below is the snippet of ejb-jar.xml which describes the security descriptors:
<ejb-jar>
.
.
.
<assembly-descriptor>
<security-role>
<role-name>ManageUsers</role-name>
</security-role>
<security-role>
<role-name>ViewUserStatistics</role-name>
</security-role>
<security-role>
<role-name>UpdateCustomer</role-name>
</security-role>
<method-permission>
<ejb-name>CatalogMgrBean</ejb-name>
<method-name>create</method-name>
</method-permission>
</assembly-descriptor>
<ejb-jar>
jboss>
<security-domain>java:/jaas/OciSRP</security-domain>
<enterprise-beans>
<ejb-name>CatalogMgrBean</ejb-name>
<jndi-name>ejb/CatalogMgrHome</jndi-name>
</enterprise-beans>
I suspect the problem I am having is because the above methods are not getting called. I initially tried this on JBoss 3.04 with Tomcat 4.1.12 and later I tried with JBoss 3.07 with Tomcat 4.1.24.
Could somebody tell me why I am having the above problem?
Any help on the above problem will be appreciated.