1 Reply Latest reply on Jul 7, 2004 4:32 PM by starksm64

    Problem on ClientLoginModule to Secure EJB Layer

    iihome

      Hi,

      I have put my EJB under JAAS protection, and it is called remotely by a distributed standalone client. My ejb-jar.xml is as follows:
      <ejb-jar>
      <enterprise-beans>

      <ejb-name>MyBeanSLSB</ejb-name>
      MyBeanHome
      MyBeanRemote
      <ejb-class>MyBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>

      <assembly-descriptor>
      <security-role>
      <role-name>ADMINISTRATOR</role-name>
      </security-role>
      <method-permission>
      <role-name>ADMINISTRATOR</role-name>

      <ejb-name>MyBeanSLSB</ejb-name>
      <method-name>*</method-name>

      </method-permission>
      <method-permission>
      <role-name>ADMINISTRATOR</role-name>

      <ejb-name>MyBeanSLSB</ejb-name>
      <method-intf>Home</method-intf>
      <method-name>create</method-name>

      </method-permission>
      </assembly-descriptor>
      </enterprise-beans>
      </ejb-jar>

      I have used the ClientLoginModule and LoginInitialContextFactory on the standalone client, and it is successfully authenticated by the server. However, when I successfully look up the Home interface and call create to get the Remote Object, I get the following exception:

      11:43:54,170 ERROR [SecurityInterceptor] No method permissions assigned to method=create, interface=HOME
      11:43:54,170 ERROR [LogInterceptor] EJBException, causedBy:
      java.lang.SecurityException: No method permissions assigned to method=create, interface=HOME
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:185)
      at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:83)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
      at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
      at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:319)
      at org.jboss.ejb.Container.invoke(Container.java:743)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.java:60)
      at org.jboss.mx.server.Invocation.dispatch(Invocation.java:61)
      at org.jboss.mx.server.Invocation.dispatch(Invocation.java:53)
      at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
      at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:185)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473)
      at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:360)

      I have worked with both jboss-3.2.2 and jboss-3.2.5, and both produce the same error. Meanwhile, I have put security-role/security-role-ref in the session bean descriptor, but it produces the same result. I have also tried putting <method-intf>bahbahbah</method-intf> instead of <method-intf>Home</method-intf>, but the server still deploys successfully without a warning or error. The server seems to ignore the method-permission tag setting.



      Thanks in advance for any help on what is wrong with my setting.

        • 1. Re: Problem on ClientLoginModule to Secure EJB Layer
          starksm64

          The method-permission is missing the method child element:

           <method-permission>
           <role-name>EchoLocal</role-name>
          
           <method>
           <ejb-name>MyBeanSLSB</ejb-name>
           <method-intf>Home</method-intf>
           <method-name>create</method-name>
           </method>
           </method-permission>
          


          See the ejb-jar.xml dtd for the correct content model.
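
An added example, not part of the original thread and not JBoss code: a pre-deployment check for the mistake discussed above, flagging any method-permission block that has no method child or an unrecognised method-intf value inside one. It assumes a DTD-based EJB 2.0 descriptor without XML namespaces; the function name and the sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# method-intf values in the EJB 2.0 DTD (EJB 2.1 adds ServiceEndpoint)
VALID_INTF = {"Home", "Remote", "LocalHome", "Local"}
ALLOWED = {"description", "role-name", "unchecked", "method"}

def lint_method_permissions(xml_text):
    """Return a list of findings, one string per problem found."""
    findings = []
    root = ET.fromstring(xml_text)
    for n, perm in enumerate(root.iter("method-permission"), 1):
        where = f"method-permission #{n}"
        if not perm.findall("role-name") and perm.find("unchecked") is None:
            findings.append(f"{where}: no <role-name> or <unchecked>")
        methods = perm.findall("method")
        if not methods:
            findings.append(f"{where}: no <method> child, no method is covered")
        for child in perm:
            if child.tag not in ALLOWED:
                findings.append(f"{where}: stray <{child.tag}> outside <method>")
        for m in methods:
            for req in ("ejb-name", "method-name"):
                if not (m.findtext(req) or "").strip():
                    findings.append(f"{where}: <method> lacks <{req}>")
            intf = m.findtext("method-intf")
            if intf is not None and intf.strip() not in VALID_INTF:
                findings.append(f"{where}: invalid method-intf '{intf.strip()}'")
    return findings

# Constructed sample: the layout given in the reply, with a <method> wrapper
FIXED = """<ejb-jar><assembly-descriptor>
  <method-permission>
    <role-name>ADMINISTRATOR</role-name>
    <method>
      <ejb-name>MyBeanSLSB</ejb-name>
      <method-intf>Home</method-intf>
      <method-name>create</method-name>
    </method>
  </method-permission>
</assembly-descriptor></ejb-jar>"""
# Constructed sample: same block with the <method> wrapper removed
BROKEN = FIXED.replace("<method>", "").replace("</method>", "")

if __name__ == "__main__":
    for name, doc in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_method_permissions(doc))
```

Running a check like this in the build catches descriptors that deploy without warnings but leave methods with no assigned permissions.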