1 Reply Latest reply on May 29, 2005 3:17 PM by tcherel

Insufficient method permissions

krishnaswamy.v May 27, 2005 7:12 AM

Hi
I am using org.jboss.security.ClientLoginModule(available in client side only) and I have one custom login module in server side.
My login operation is getting succeeded but when I try to call a create method of a session bean I am getting the exception (see below).

java.lang.SecurityException: Insufficient method permissions, principal=krish, ejbName=Sample, method=create, interface=HOME, requiredRoles=,
principalRoles=null

In my ejb-jar.xml I haven?t specified any <security-role>or <method-permission>.
For my EJBs. Frankly I don?t want to specify!!!

May I know how to make my application working?

1. Re: Insufficient method permissions

tcherel May 29, 2005 3:17 PM (in response to krishnaswamy.v)

If you do not want to specify any security on your EJB, then do not put any security domain in the jboss.xml file.
But if you do that, then authentication is not required anymore.
If you require authentication, you will need, at least, to sepcify that all your EJB operations are "unchecked" (see EJB spec) in the ejb-jar.xml, otherwise, by default, access is refused.

Thomas
Actions