Hi all,

I get a "Insufficient method permissions" when I try to deploy a servlet.
It seams to me as if the <run-as> parameter in web.xml is ignored
The servlet is defined as follows:


<servlet-name> glue </servlet-name>
<servlet-class> electric.server.http.ServletServer </servlet-class>
<load-on-startup>1</load-on-startup>
<run-as>
<role-name>workflowUser</role-name>
</run-as>


On initialisation, the servlet accesses an EJB with the following definition in ejb-jar.xml

<assembly-descriptor >
<security-role>
<role-name>workflowUser</role-name>
</security-role>

<method-permission >
<role-name>workflowUser</role-name>

<ejb-name>AbaWorkflow</ejb-name>
<method-name>*</method-name>

</method-permission>
</assembly-descriptor>



I receive the following on the console:

11:29:20,439 ERROR [SecurityInterceptor] Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[workflowUser], principalRoles=[]
11:29:20,439 ERROR [LogInterceptor] EJBException, causedBy:
java.lang.SecurityException: Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[workflowUser], principalRoles=[] at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.ja
va:229)


Looking at SecurityInterceptor.java, I see that checkSecurityAssociation() does a:
Principal threadRunAsRole = SecurityAssociation.peekRunAsRole();
and seams to receive NULL.

Could anybody please shed some light on this? What am I doing wrong?

I am using JBOSS 3.2.3

Thank you

Hubert