"kyleyj" wrote:
I'm trying to move the authentication for our application from the application logic to JBoss. The application loads several EJBs which I'm trying to use the ClientLoginModule to pass the username/password to the JndiLoginModule to authenticate the user against NIS. That is all working. However, the problem is regarding the authorization of the roles.

The exception is:

2004-01-28 14:34:54,625 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Insufficient method permissions, principal=user, method=create, interface=HOME, requiredRoles=[trustedRole], principalRoles=null

I don't know how to retrieve the roles for the user. I've tried putting the RunAsLoginModule before the JndiLoginModule to force the role to be what I want, but that doesn't seem to work.

In fact I don't really care about the roles, other than that the EJBs wouldn't deploy unless roles were provided.

What should I be doing differently, or what am I missing in the process of authorizing the user to invoke the HOME method of the EJB?

Cheers!
Kyley