4 Replies Latest reply on Sep 6, 2005 4:45 AM by shankarniyer

Problem with PrincipalRoles=null; for create method..

sivatil Sep 1, 2005 7:02 AM

Hello, I am getting the following problem...

03:23:07,171 ERROR [SecurityInterceptor] Insufficient method permissions, principal=siva, method=create, interface=HOME, requiredRoles=[User, Administrator], principalRoles=null
03:23:07,171 INFO [STDOUT] Exception in MethodsServlet: SecurityException; nested exception is:
java.lang.SecurityException: Insufficient method permissions, principal=siva, method=create, interface=HOME, requiredRoles=[User, Administrator], principalRoles=null
03:23:07,171 INFO [STDOUT] ?????????????
03:23:07,171 INFO [STDOUT] java.rmi.AccessException: SecurityException; nested exception is:
java.lang.SecurityException: Insufficient method permissions, principal=siva, method=create, interface=HOME, requiredRoles=[User, Administrator], principalRoles=null
03:23:07,171 INFO [STDOUT] at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:370)
03:23:07,171 INFO [STDOUT] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:125)
03:23:07,171 INFO [STDOUT] at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
03:23:07,171 INFO [STDOUT] at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:319)
03:23:07,171 INFO [STDOUT] at org.jboss.ejb.Container.invoke(Container.java:729)
03:23:07,171 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
03:23:07,171 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
03:23:07,171 INFO [STDOUT] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
03:23:07,171 INFO [STDOUT] at java.lang.reflect.Method.invoke(Method.java:324)
03:23:07,171 INFO [STDOUT] at org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.java:60)
03:23:07,171 INFO [STDOUT] at org.jboss.mx.server.Invocation.dispatch(Invocation.java:62)
03:23:07,171 INFO [STDOUT] at org.jboss.mx.server.Invocation.dispatch(Invocation.java:54)
03:23:07,171 INFO [STDOUT] at org.jboss.mx.server.Invocation.invoke(Invocation.java:82)
03:23:07,171 INFO [STDOUT] at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:198)
03:23:07,171 INFO [STDOUT] at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473)
03:23:07,171 INFO [STDOUT] at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:97)
03:23:07,171 INFO [STDOUT] at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:115)
03:23:07,171 INFO [STDOUT] at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:101)
03:23:07,171 INFO [STDOUT] at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
03:23:07,171 INFO [STDOUT] at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:55)
03:23:07,171 INFO [STDOUT] at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
03:23:07,171 INFO [STDOUT] at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:86)
03:23:07,171 INFO [STDOUT] at $Proxy51.create(Unknown Source)
03:23:07,171 INFO [STDOUT] at com.til.jaas.StockManagerReport.doGet(StockManagerReport.java:100)
03:23:07,171 INFO [STDOUT] at com.til.jaas.StockManagerReport.doPost(StockManagerReport.java:56)
03:23:07,171 INFO [STDOUT] at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
03:23:07,171 INFO [STDOUT] at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
03:23:07,171 INFO [STDOUT] at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
03:23:07,171 INFO [STDOUT] at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:66)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
03:23:07,171 INFO [STDOUT] at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:162)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
03:23:07,171 INFO [STDOUT] at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
03:23:07,171 INFO [STDOUT] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
03:23:07,171 INFO [STDOUT] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
03:23:07,171 INFO [STDOUT] at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
03:23:07,171 INFO [STDOUT] at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
03:23:07,171 INFO [STDOUT] at java.lang.Thread.run(Thread.java:536)
03:23:07,187 INFO [STDOUT] Caused by: java.lang.SecurityException: Insufficient method permissions, principal=siva, method=create, interface=HOME, requiredRoles=[User, Administrator], principalRoles=null
03:23:07,187 INFO [STDOUT] at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:223)
03:23:07,187 INFO [STDOUT] at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:74)
03:23:07,187 INFO [STDOUT] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:121)
03:23:07,187 INFO [STDOUT] ... 58 more

my login-config.xml is......
--------------------------------

<application-policy name="stockmanager">

<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="managedConnectionFactoryName">
jboss.jca:service=LocalTxCM,name=MSSQLDS
</module-option>
<module-option name="dsJndiName">
java:/MSSQLDS
</module-option>
<module-option name="principalsQuery">
Select Password from Principals where PrincipalID=?
</module-option>
<module-option name="rolesQuery">
Select Role as Role,RoleGroup as RoleGroup from Roles where PrincipalID=?
</module-option>
</login-module>
<login-module code="org.jboss.security.ClientLoginModule" flag="required">
</login-module>

</application-policy>

my ejb-jar.xml is..
----------------------

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">

<ejb-jar>
<![CDATA[No Description.]]>
<display-name>Generated by XDoclet</display-name>
<enterprise-beans>


<![CDATA[Description for StockManager]]>
<display-name>Name for StockManager</display-name>
<ejb-name>StockManager</ejb-name>
com.til.jaas.interfaces.StockManagerHome
com.til.jaas.interfaces.StockManager
<ejb-class>com.til.jaas.ejb.StockManagerSession</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
<security-role-ref>
<role-name>Administrator</role-name>
<role-link>Administrator</role-link>
</security-role-ref>
<security-role-ref>
<role-name>User</role-name>
<role-link>User</role-link>
</security-role-ref>

</enterprise-beans>

<assembly-descriptor >
<security-role>
<role-name>Administrator</role-name>
</security-role>
<security-role>
<role-name>User</role-name>
</security-role>

<method-permission>
<role-name>Administrator</role-name>

<ejb-name>StockManager</ejb-name>
<method-intf>Remote</method-intf>
<method-name>*</method-name>

<ejb-name>StockManager</ejb-name>
<method-intf>Home</method-intf>
<method-name>*</method-name>

</method-permission>
<method-permission>
<role-name>User</role-name>

<ejb-name>StockManager</ejb-name>
<method-intf>Remote</method-intf>
<method-name>getStockQuantities</method-name>

<ejb-name>StockManager</ejb-name>
<method-intf>Home</method-intf>
<method-name>*</method-name>

</method-permission>

</assembly-descriptor>

</ejb-jar>

my jboss.xml is...
-----------------------

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 3.2//EN" "http://www.jboss.org/j2ee/dtd/jboss_3_2.dtd">

<security-domain>java:/jaas/stockmanager</security-domain>
<enterprise-beans>

<ejb-name>StockManager</ejb-name>
<jndi-name>ejb/StockManager</jndi-name>

<method-attributes>
</method-attributes>

</enterprise-beans>

<resource-managers>
</resource-managers>

---
my web.xml is...
-------------

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

This is the description of my J2EE component
<display-name>This is the display name of my J2EE component</display-name>
<servlet-name>StockManagerServlet</servlet-name>
<servlet-class>com.til.jaas.StockManagerServlet</servlet-class>

This is the description of my J2EE component
<display-name>This is the display name of my J2EE component</display-name>
<servlet-name>StockManagerReport</servlet-name>
<servlet-class>com.til.jaas.StockManagerReport</servlet-class>

<servlet-name>login</servlet-name>
<jsp-file>/login.jsp</jsp-file>

<servlet-name>homepage</servlet-name>
<jsp-file>/homepage.jsp</jsp-file>

<servlet-mapping>
<servlet-name>StockManagerServlet</servlet-name>
<url-pattern>/stockmanager</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>StockManagerReport</servlet-name>
<url-pattern>/stockreport</url-pattern>
</servlet-mapping>
<ejb-ref>
<ejb-ref-name>StockManagerHome</ejb-ref-name>
<ejb-ref-type>Session</ejb-ref-type>
com.til.jaas.interfaces.StockManagerHome
com.til.jaas.interfaces.StockManager
<ejb-link>StockManager</ejb-link>
</ejb-ref>
<security-constraint>
<web-resource-collection>
<web-resource-name>stockmanager</web-resource-name>
Declarative security tests
<url-pattern>/r/*</url-pattern>
<http-method>HEAD</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Administrator</role-name>
<role-name>User</role-name>
</auth-constraint>
<user-data-constraint>
No description
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>stockmanager</realm-name>
</login-config>
<security-role>
A user allowed to invoke methods
<role-name>Administrator</role-name>
</security-role>
<security-role>
A user allowed to invoke methods
<role-name>User</role-name>
</security-role>

</web-app>
----------

Can anybody help me in solving this problem.

Thanks
Siva

1. Re: Problem with PrincipalRoles=null; for create method..

starksm64 Sep 3, 2005 11:48 PM (in response to sivatil)

Not without the jboss version.
Actions
2. Re: Problem with PrincipalRoles=null; for create method..

sivatil Sep 4, 2005 11:52 PM (in response to sivatil)

Im using Jboss 3.2.7
Actions
3. Re: Problem with PrincipalRoles=null; for create method..

starksm64 Sep 5, 2005 10:03 AM (in response to sivatil)

The only known related issue was fixed in 3.2.7:
http://jira.jboss.com/jira/browse/JBAS-1199

I would need info on how to reproduce the problem. Create a jira issue with that information.
http://jira.jboss.com/jira/browse/JBAS
Actions
4. Re: Problem with PrincipalRoles=null; for create method..

shankarniyer Sep 6, 2005 4:45 AM (in response to sivatil)

Hi Siva,

I am of the view that you are missing something in your ejb-jar.xml.

your method permissions are not proprly set.

<method-permission>
<role-name>Administrator</role-name>

<ejb-name>Math</ejb-name>
<method-intf>Remote</method-intf>
<method-name>MultiTwoNumber</method-name>

</method-permission>

Add something like this and see
Actions

Go to original post