Cannot find roles from database
davidsills Sep 15, 2003 10:55 AM
I'm using jboss-3.0.4_tomcat-4.1.12 and am having a problem with the DatabaseLoginModule. I have read and read, and am baffled.
I want access to my test bean restricted to the "admin" role. The test works perfectly if I use:
<application-policy name = "databaseModule">
    <login-module code = "org.jboss.security.auth.spi.IdentityLoginModule" flag = "sufficient">
        <module-option name="principal">msmolyak</module-option>
        <module-option name="roles">admin</module-option>
    </login-module>
</application-policy>
Thus I know that if my application can retrieve the principal name "msmolyak" and the associated role "admin" all will be well. The problem is, the database module can't seem to do this.
This is my login configuration:
<application-policy name = "databaseModule">
    <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "sufficient">
        <module-option name="dsJndiName">java:/ExtDbDS</module-option>
        <module-option name="principalsQuery">
            select * from dsills.users where user_name = ?
        </module-option>
        <module-option name="rolesQuery">
            select * from dsills.roles where user_name = ?
        </module-option>
    </login-module>
    <login-module code="org.jboss.security.auth.spi.ClientLoginModule" flag="required"/>
    <login-module code="org.jboss.security.auth.spi.AnonLoginModule" flag="sufficient">
        <module-option name="unauthenticatedIdentity">ANYBODY</module-option>
    </login-module>
</application-policy>
If I use the roles query:
select * from dsills.roles where user_name = 'msmolyak'
the result is:
msmolyak,admin,Roles
but when I try to login using msmolyak, I get this error:
2003-09-15 12:41:59,343 ERROR [org.jboss.ejb.plugins.LogInterceptor] EJBException, causedBy:
java.lang.SecurityException: Insufficient method permissions, principal=msmolyak, method=create, interface=HOME, requiredRoles=[admin], principalRoles=null
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:228)
at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:129)
at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300)
at org.jboss.ejb.Container.invoke(Container.java:730)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517)
at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:382)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
at sun.rmi.transport.Transport$1.run(Transport.java:148)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
at java.lang.Thread.run(Thread.java:536)
It looks as though I have been authenticated as msmolyak, but my roles could not be retrieved. What am I missing? I've bashed my head against this for three days, and I'd appreciate any advice. Thanks!
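
Added example (not part of the original post, and not JBoss code): DatabaseServerLoginModule reads the rolesQuery result by position, taking column 1 as the role name and column 2 as the role group, and method permissions are checked against the group named "Roles". The sketch below replays the post's rolesQuery against a constructed SQLite table holding the row shown above; the column names role and role_group and the helper functions are assumptions made for illustration.

```python
import sqlite3

# The post's query, and a variant that names its columns in the expected order.
STAR_QUERY = "select * from dsills.roles where user_name = ?"
EXPLICIT_QUERY = "select role, role_group from dsills.roles where user_name = ?"


def make_db():
    """Constructed sample data: only user_name and the row values come from the post."""
    db = sqlite3.connect(":memory:")
    db.execute("attach database ':memory:' as dsills")
    db.execute("create table dsills.roles (user_name text, role text, role_group text)")
    db.execute("insert into dsills.roles values ('msmolyak', 'admin', 'Roles')")
    return db


def role_sets(db, roles_query, username):
    """Map rows positionally: column 1 = role name, column 2 = role group."""
    groups = {}
    for row in db.execute(roles_query, (username,)):
        name, group = row[0], row[1]
        # An empty or missing group falls back to "Roles".
        groups.setdefault(group or "Roles", set()).add(name)
    return groups


def is_permitted(groups, required_role):
    """Permission checks only consult the group named "Roles"."""
    return required_role in groups.get("Roles", set())


if __name__ == "__main__":
    db = make_db()
    for query in (STAR_QUERY, EXPLICIT_QUERY):
        groups = role_sets(db, query, "msmolyak")
        print(query)
        print("  groups:", groups, "| admin permitted:", is_permitted(groups, "admin"))
```

With `select *`, the user name lands in the role-name slot and "admin" becomes a group name, so no "Roles" group exists for the permission check.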