1 Reply Latest reply on Sep 4, 2009 6:22 AM by wolfgangknauf

    Issue in JAAS - EJB3 declarative security

      I 'm running into an issue in EJB3 declarative security in JBoss 4.2.0.

      Here is my scenario.
      1. I have 3 EJB3 beans (let us call it as ClientEJB, LoginEJB and TestBean
      2. ClientEJB needs to call LoginEJB to validate login. Upon successful login (using LoginContext.login()) I would like user's context set to the jBoss container).
      3. Now ClientEJB needs to call TestBean. TestBean has certain methods in which I have following annotations
      @RolesAllowed ({"test"}) // to allow method access to user's with "test" role
      4. But for some reasons I keep getting

      ERROR [RoleBasedAuthorizationInterceptor] Insufficient permissions, principal=null, requiredRoles=[test], principalRoles=[]

      javax.ejb.EJBAccessException: Authorization failure
      at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptor.invoke(RoleBasedAuthorizationInterceptor.java:113)


      5. I was expecting the role which was set in LoginBean inturn propogates to TestBean.

      Can some one help me with this?

      Thanks in advance.

        • 1. Re: Issue in JAAS - EJB3 declarative security
          wolfgangknauf

          Hi,

          I need much more details about your app before I can provide you with help. Please post all relevant snippets of code and configuration.

          Did you declare a "@SecurityDomain" for your bean? Did you configure your login module? Did you activate security layer logging (see sticky post "FAQ" in this forum, question 4)?

          Best regards

          Wolfgang