Principal=null.... please help me
craig1980 Oct 27, 2004 3:29 AMHi all; i'm using a great WfMS called wfmOpen; now i have a problem.. i must call a secure EJB; this EJB is in a secure domain called "danet-workflow"; all the "people" who can call it must have a role: "StaffManagementRole_0"; now i have created a my web appplication; i have a login.jsp page, a filter, a servlet, and a java class; now the java code of the filter is:
import java.io.IOException; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.security.PrivilegedAction; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.TextOutputCallback; import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; public class LoginFilter implements Filter { private String applicationPolicy = null; private static final org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory.getLog (LoginFilter.class); /** * Simple login context for authentication. */ private static class LoginFilterLoginContext extends LoginContext { private static class CBH implements CallbackHandler { private String userName = null; private String password = null; public CBH(String userName, String password) { this.userName = userName; this.password = password; } public void handle(Callback[] callbacks) throws UnsupportedCallbackException, IOException { for (int i = 0; i < callbacks.length; i++) { if (callbacks instanceof TextOutputCallback) { // display the message according to the specified type TextOutputCallback toc = (TextOutputCallback) callbacks; switch (toc.getMessageType()) { case TextOutputCallback.INFORMATION: System.err.println(toc.getMessage()); break; case TextOutputCallback.ERROR: System.err.println("ERROR: " + toc.getMessage()); break; case TextOutputCallback.WARNING: System.err.println("WARNING: " + toc.getMessage()); break; default: throw new IOException ("Unsupported message type: " + toc.getMessageType()); } } else if (callbacks instanceof NameCallback) { // prompt the user for a username NameCallback nc = (NameCallback) callbacks; nc.setName(userName); } else if (callbacks instanceof PasswordCallback) { // prompt the user for sensitive information PasswordCallback pc = (PasswordCallback) callbacks; pc.setPassword(password.toCharArray()); } else if (callbacks.getClass().getName().equals ("weblogic.security.auth.callback.URLCallback")) { } else { throw new UnsupportedCallbackException (callbacks, "Unrecognized Callback \"" + callbacks.getClass().getName() + "\""); } } } } public LoginFilterLoginContext (String applicationPolicy, String userName, String password) throws LoginException { super(applicationPolicy, new CBH(userName, password)); } } /** The WLS security class. Indicates if WLS security is used. */ private Class wlsSec = null; /** The context used for the login and logout operations */ private LoginContext loginContext; /** * Initialize the filter. * * @param filterConfig the filter configuration information * @throws ServletException if the login context cannot be created */ public void init(FilterConfig filterConfig) throws ServletException { // first, find out if we have WLS security try { wlsSec = Thread.currentThread().getContextClassLoader() .loadClass("weblogic.security.Security"); } catch (ClassNotFoundException e) { // OK, not WLS client logger.debug("No WLS security class, not using WLS security"); } // now get the parameters applicationPolicy = filterConfig.getInitParameter("ApplicationPolicy"); if (applicationPolicy == null) { applicationPolicy = "client-login"; } } /** * Do nothing. */ public void destroy() {} /** * Perform a login, call the next filter on the filter chain and * perform a logout. * * @param request the request * @param response the response * @param chain the filter chain * @throws IOException IOException * @throws ServletException ServletException */ public void doFilter (ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = ( ( HttpServletRequest )( request ) ); String userName = req.getParameter("username"); String password = req.getParameter("password"); if (logger.isDebugEnabled()) { logger.debug("Configured to use application policy \"" + applicationPolicy + "\", user name \"" + userName + "\" and " + (password == null ? " no password." : "a (non-disclosed) password.")); } System.out.println( "Username: "+ userName+ " password: "+ password ); // finally, create login context try { loginContext = new LoginFilterLoginContext (applicationPolicy, userName, password); } catch (LoginException e) { throw new ServletException ("Cannot create LoginContext: " + e.getMessage(), e); } try { loginContext.login(); } catch (LoginException e) { throw new ServletException("Cannot login: " + e.getMessage(), e); } try { if (wlsSec != null) { // Use WLS security. Use reflection to avoid code // dependency on WLS try { Class[] ats = new Class[] {Subject.class, PrivilegedAction.class}; Method m = wlsSec.getMethod("runAs", ats); final FilterChain chainArg = chain; final ServletRequest reqArg = request; final ServletResponse resArg = response; Object[] args = new Object[] { loginContext.getSubject(), new PrivilegedExceptionAction() { public Object run() throws Exception { chainArg.doFilter(reqArg, resArg); return null; } } } ; m.invoke(null, args); } catch (NoSuchMethodException e) { logger.error(e.getMessage(), e); throw new IllegalStateException(e.getMessage()); } catch (SecurityException e) { logger.error(e.getMessage(), e); throw new IllegalStateException(e.getMessage()); } catch (IllegalAccessException e) { logger.error(e.getMessage(), e); throw new IllegalStateException(e.getMessage()); } catch (InvocationTargetException e) { if (e.getTargetException() instanceof PrivilegedActionException) { PrivilegedActionException pe = (PrivilegedActionException) e. getTargetException(); if (pe.getException() instanceof IOException) { throw (IOException) pe.getException(); } if (pe.getException() instanceof ServletException) { throw (ServletException) pe.getException(); } } logger.error(e.getMessage(), e); throw new IllegalStateException(e.getMessage()); } } else { // Use JBoss security. chain.doFilter(request, response); } } finally { try { loginContext.logout(); } catch (LoginException e) { throw new ServletException ("Cannot logout: " + e.getMessage(), e); } } } }
The sevlet code is:
import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.security.PrivilegedAction; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.TextOutputCallback; import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpSession; import java.io.IOException; public class Dispatcher extends HttpServlet { /** The WLS security class. Indicates if WLS security is used. */ private Class wlsSec = null; /** The context used for the login and logout operations */ private LoginContext loginContext; private static final org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory.getLog (Dispatcher.class); private String applicationPolicy = "client-login"; //Initialize global variables public void init() throws ServletException { } //Process the HTTP Get request public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doPost( request, response ); } //Process the HTTP Post request public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String username = request.getParameter( "username" ); String password = request.getParameter( "password" ); System.out.println( "Tento login con username: ["+ username+ "] e password: ["+password+"]" ); try { LoginContext log = new LoginFilterLoginContext(applicationPolicy, username, password); System.out.println( "LoginContext creato" ); log.login(); System.out.println( "Loggato vado al main" ); HttpSession session = request.getSession(); if( session == null ){ session = request.getSession( true ); } session.setAttribute( "usename", username ); session.setAttribute( "password", password ); response.sendRedirect( "processDef.jsp" ); } catch (LoginException ex) { ex.printStackTrace(); } } //Clean up resources public void destroy() { } private static class LoginFilterLoginContext extends LoginContext { private static class CBH implements CallbackHandler { private String userName = null; private String password = null; public CBH (String userName, String password) { this.userName = userName; this.password = password; } public void handle (Callback[] callbacks) throws UnsupportedCallbackException, IOException { for (int i = 0; i < callbacks.length; i++) { if (callbacks instanceof TextOutputCallback) { // display the message according to the specified type TextOutputCallback toc = (TextOutputCallback)callbacks; switch (toc.getMessageType()) { case TextOutputCallback.INFORMATION: System.err.println(toc.getMessage()); break; case TextOutputCallback.ERROR: System.err.println("ERROR: " + toc.getMessage()); break; case TextOutputCallback.WARNING: System.err.println("WARNING: " + toc.getMessage()); break; default: throw new IOException ("Unsupported message type: " + toc.getMessageType()); } } else if (callbacks instanceof NameCallback) { // prompt the user for a username NameCallback nc = (NameCallback)callbacks; nc.setName(userName); } else if (callbacks instanceof PasswordCallback) { // prompt the user for sensitive information PasswordCallback pc = (PasswordCallback)callbacks; pc.setPassword(password.toCharArray()); } else if (callbacks.getClass().getName().equals ("weblogic.security.auth.callback.URLCallback")) { } else { throw new UnsupportedCallbackException (callbacks, "Unrecognized Callback \"" + callbacks.getClass().getName() + "\""); } } } } public LoginFilterLoginContext (String applicationPolicy, String userName, String password) throws LoginException { super (applicationPolicy, new CBH(userName, password)); } } }
My java class that calls the EJB is this one:
import java.util.Collection; import de.danet.an.workflow.api.WorkflowServiceFactory; import de.danet.an.workflow.api.WorkflowService; import de.danet.an.util.Util; import java.rmi.RemoteException; public class WorkflowInteraction { private WorkflowService wfServ; public WorkflowInteraction() { wfServ = WorkflowServiceFactory.newInstance().newWorkflowService(); } public Collection getProcessDefinitions() throws RemoteException { return wfServ.processDefinitionDirectory().processDefinitions(); } }
This is my web.xml of my .war file that is in an .ear archive:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<display-name>Demo Engineering</display-name>
<description>Semplice demo per l'utilizzo di wfmOpen per Engineering Ingegneria Informatica</description>
<filter>
<filter-name>LoginFilter</filter-name>
<description>
</description>
<filter-class>it.eng.nikko.demo.web.login.LoginFilter</filter-class>
<init-param>
<param-name>ApplicationPolicy</param-name>
<param-value>client-login</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<servlet-name>dispatcher</servlet-name>
</filter-mapping>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>it.eng.nikko.demo.web.login.Dispatcher</servlet-class>
<security-role-ref>
<role-name>SecurityRoleRef1</role-name>
<role-link>StaffManagementUser</role-link>
</security-role-ref>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/dispatcher</url-pattern>
</servlet-mapping>
<security-constraint>
<display-name>SecurityConstraint1</display-name>
<web-resource-collection>
<web-resource-name>LoginFilterTestCollection</web-resource-name>
<http-method>DELETE</http-method>
<http-method>HEAD</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>StaffManagementUser</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Richiesto per l'EJB</description>
<role-name>StaffManagementRole_0</role-name>
</security-role>
<security-role>
<description>Default</description>
<role-name>StaffManagementUser</role-name>
</security-role>
<ejb-ref>
<description>Mi riferisco al workflow EJB</description>
<ejb-ref-name>ejb/Engine</ejb-ref-name>
<ejb-ref-type>Session</ejb-ref-type>
<home>de.danet.an.workflow.ejbs.WorkflowEngineHome</home>
<remote>de.danet.an.workflow.ejbs.WorkflowEngine</remote>
<ejb-link>Engine</ejb-link>
</ejb-ref>
</web-app>
This is the jboss-boss.xml of my .war archive:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
<jboss-web>
<security-domain>java:/jaas/danetworkflow</security-domain>
<context-root>demo</context-root>
<ejb-ref>
<ejb-ref-name>ejb/Engine</ejb-ref-name>
<jndi-name>jnp://localhost:1099/WorkflowEngine</jndi-name>
</ejb-ref>
</jboss-web>
In my .ear archive there is this application.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "http://java.sun.com/dtd/application_1_3.dtd">
<application>
<display-name>it.eng.demo.ContentEar</display-name>
<module>
<ejb>de.danet.an.wfcore-ejbs.jar</ejb>
</module>
<module>
<ejb>de.danet.an.webform-ejbs.jar</ejb>
</module>
<module>
<ejb>de.danet.an.util-ejbs.jar</ejb>
</module>
<module>
<ejb>de.danet.an.staffmgmt-ejbs.jar</ejb>
</module>
<module>
<web>
<web-uri>it.eng.demo.ContentWar.war</web-uri>
<context-root>demo</context-root>
</web>
</module>
<security-role>
<description>Role richiesto per il Principal</description>
<role-name>StaffManagementRole_0</role-name>
</security-role>
<security-role>
<description>Management Utente per il wf</description>
<role-name>StaffManagementUser</role-name>
</security-role>
</application>
and this jboss-app.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-app PUBLIC "-//JBoss//DTD J2EE Application 1.3V2//EN" "http://www.jboss.org/j2ee/dtd/jboss-app_3_2.dtd">
<jboss-app>
<loader-repository>workflow.demo.eng.it:loader=it.eng.demo.ContentEar.ear</loader-repository>
<module>
<service>destination-service.sar</service>
</module>
<module>
<service>de.danet.an.util-ejbtimer.sar</service>
</module>
</jboss-app>
Well......the deploy is good; i can call the login.jsp page by using this url:
http://localhost:8080/demo/login.jsp; i insert ML/ML as username/password but when i click the submit i have this error:
08:58:14,625 INFO [STDOUT] Username: ML password: ML
08:58:14,625 INFO [STDOUT] Tento login con username: [ML] e password: [ML]
08:58:14,635 INFO [STDOUT] LoginContext creato
08:58:14,635 INFO [STDOUT] Loggato vado al main
08:58:14,695 ERROR [SecurityInterceptor] Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[StaffManagementRole_0], principalRoles=null
08:58:14,695 ERROR [LogInterceptor] EJBException, causedBy:
java.lang.SecurityException: Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[StaffManagementRole_0], principalRoles=null
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:229)
at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:83)
at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:319)
at org.jboss.ejb.Container.invoke(Container.java:743)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.java:60)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:61)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:53)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:185)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473)
at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:97)
at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:90)
at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:53)
at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
at $Proxy116.create(Unknown Source)
at de.danet.an.workflow.ejbs.client.StandardWorkflowServiceFactory.newWorkflowService(StandardWorkflowServiceFactory.java:206)
at it.eng.nikko.demo.wf.WorkflowInteraction.<init>(WorkflowInteraction.java:14)
at org.apache.jsp.processDef_jsp._jspService(processDef_jsp.java:60)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:72)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.invoke(JBossSecurityMgrRealm.java:275)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:534)
08:58:14,705 ERROR [StandardWorkflowServiceFactory] EJBException:; nested exception is:
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[StaffManagementRole_0], principalRoles=null
java.rmi.ServerException: EJBException:; nested exception is:
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[StaffManagementRole_0], principalRoles=null
at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:347)
at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:124)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:319)
at org.jboss.ejb.Container.invoke(Container.java:743)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.java:60)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:61)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:53)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:185)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473)
at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:97)
at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:90)
at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:53)
at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
at $Proxy116.create(Unknown Source)
at de.danet.an.workflow.ejbs.client.StandardWorkflowServiceFactory.newWorkflowService(StandardWorkflowServiceFactory.java:206)
at it.eng.nikko.demo.wf.WorkflowInteraction.<init>(WorkflowInteraction.java:14)
at org.apache.jsp.processDef_jsp._jspService(processDef_jsp.java:60)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:72)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.invoke(JBossSecurityMgrRealm.java:275)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:534)
Caused by: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[StaffManagementRole_0], principalRoles=null
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:230)
at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:83)
at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
... 59 more
08:58:14,726 ERROR [Engine] StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw exception
de.danet.an.workflow.api.FactoryConfigurationError: Cannot create WorkflowEngineEJB: EJBException:; nested exception is:
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[StaffManagementRole_0], principalRoles=null
at de.danet.an.workflow.ejbs.client.StandardWorkflowServiceFactory.newWorkflowService(StandardWorkflowServiceFactory.java:220)
at it.eng.nikko.demo.wf.WorkflowInteraction.<init>(WorkflowInteraction.java:14)
at org.apache.jsp.processDef_jsp._jspService(processDef_jsp.java:60)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:72)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.invoke(JBossSecurityMgrRealm.java:275)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:534)
As you can see the principal is null.... how can i avoid this? How can i solve this problem? Can anybody give me a help, please? Thanks to all and i excuse if this post is too long, but i have tried to be as clear as possible. Thanks again