1 Reply Latest reply on Jun 16, 2005 1:16 PM by starksm64

    cannot access a session bean with unchecked permissions set

    dragospd
    dragospd Jun 14, 2005 3:33 AM

      I have a stateless session bean that run under a security domain but all methods are set to be unchecked for permissions. I cannot access this bean from a client program without providing the correct credentials.


      <session >
 <description>[CDATA[]]</description>

 <ejb-name>SecurityService2Session</ejb-name>

 <home>rdcs.core.ejb.interfaces.SecurityService2SessionHome</home>
 <remote>rdcs.core.ejb.interfaces.SecurityService2Session</remote>
 <ejb-class>rdcs.core.ejb.session.SecurityService2SessionBean</ejb-class>
 <session-type>Stateless</session-type>
 <transaction-type>Container</transaction-type>

 </session>




       <method-permission >
 <description>[CDATA[description not supported yet by ejbdoclet]]</description>
 <unchecked/>
 <method >
 <description>[CDATA[description not supported yet by ejbdoclet]]</description>
 <ejb-name>SecurityService2Session</ejb-name>
 <method-name>*</method-name>
 </method>
 </method-permission>

      this is the relevant portion of the stacktrace: 

      Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
 at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:160)
 at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:124)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
 at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
 at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
 at java.security.AccessController.doPrivileged(Native Method)
 at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
 at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
 at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:480)
 at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:420)
 at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:237)
 at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:210)
 at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:151)
 at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:74)
 at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:121)
 ... 25 more


      Why Jboss try to make a login on accessing an unchecked bean? Did I miss something?


      • 2394 Views
      • Tags: