Hi all,
I get a "Insufficient method permissions" when I try to deploy a servlet.
It seams to me as if the <run-as> parameter in web.xml is ignored
The servlet is defined as follows:
<servlet-name> glue </servlet-name>
<servlet-class> electric.server.http.ServletServer </servlet-class>
<load-on-startup>1</load-on-startup>
<run-as>
<role-name>workflowUser</role-name>
</run-as>
On initialisation, the servlet accesses an EJB with the following definition in ejb-jar.xml
<assembly-descriptor >
<security-role>
<role-name>workflowUser</role-name>
</security-role>
<method-permission >
<role-name>workflowUser</role-name>
<ejb-name>AbaWorkflow</ejb-name>
<method-name>*</method-name>
</method-permission>
</assembly-descriptor>
I receive the following on the console:
11:29:20,439 ERROR [SecurityInterceptor] Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[workflowUser], principalRoles=[]
11:29:20,439 ERROR [LogInterceptor] EJBException, causedBy:
java.lang.SecurityException: Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[workflowUser], principalRoles=[] at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.ja
va:229)
Looking at SecurityInterceptor.java, I see that checkSecurityAssociation() does a:
Principal threadRunAsRole = SecurityAssociation.peekRunAsRole();
and seams to receive NULL.
Could anybody please shed some light on this? What am I doing wrong?
I am using JBOSS 3.2.3
Thank you
Hubert