Authorisation Issues
gatapia May 25, 2004 8:12 PM
Hi All,
Been through most of the topics on this forum and I still can't find a solution to my prob. Any help will be greatly appreciated.
Basically, security does not work (java.lang.SecurityException: Insufficient method permissions, principal=null, ...), which kinda tells me that my web service did not log on properly, if at all.
Env: JBoss 3.2.3 / Tomcat
Brief Desc:
Basically my wsr contains a class file that accesses a secured SessionBean. The wsr is contained in an ear. The SessionBean is in another deployment package in that ear.
Thanks All
Guido
PS: My apologies for the length of this post.
Client Code (Excerpt):
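import org.apache.axis.client.Call;
import org.apache.axis.client.Service;

Service s = new Service();
Call call = (Call) s.createCall();
call.setTargetEndpointAddress(new java.net.URL(endpoint));
// Credentials go out as HTTP Basic authentication (see the Authorization header in the request below)
call.setUsername(user);
call.setPassword(pass);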
web-service.xml (Excerpt):
<handler type="java:org.jboss.net.axis.server.JBossAuthenticationHandler">
  <parameter name="securityDomain" value="java:/jaas/geg_domain"/>
  <parameter name="allowedRoles" value="level1"/>
  <parameter name="validateUnauthenticatedCalls" value="true"/>
</handler>
<handler type="java:org.jboss.net.axis.server.JBossAuthorizationHandler">
  <parameter name="securityDomain" value="java:/jaas/geg_domain"/>
  <parameter name="allowedRoles" value="level1"/>
  <parameter name="validateUnauthenticatedCalls" value="true"/>
</handler>
login-config.xml (Excerpt):
<application-policy name="geg_domain">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="unauthenticatedIdentity">Unknown</module-option>
      <module-option name="hashAlgorithm">MD5</module-option>
      <module-option name="hashEncoding">base64</module-option>
      <module-option name="dsJndiName">java:/PostgresDS</module-option>
      <module-option name="principalsQuery">select Password from Principals where PrincipalID=?</module-option>
      <module-option name="rolesQuery">select Role, RoleGroup from Roles where PrincipalID=?</module-option>
    </login-module>
  </authentication>
</application-policy>
Soap Request:
POST /jboss-net/services/AdminWS HTTP/1.0
Content-Type: text/xml; charset=utf-8
Accept: application/soap+xml, application/dime, multipart/related, text/*
User-Agent: Axis/1.2alpha
Host: monkey:8080
Cache-Control: no-cache
Pragma: no-cache
SOAPAction: ""
Content-Length: 580
Authorization: Basic dXNlcjpwYXNzd29yZA==

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Body>
    <getMachine soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
      <id href="#id0"/>
    </getMachine>
    <multiRef id="id0" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="xsd:long" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">0</multiRef>
  </soapenv:Body>
</soapenv:Envelope>
Soap Reply:
HTTP/1.1 500 Internal Server Error
Set-Cookie: JSESSIONID=9609F23E93100AAC21933B7EC803C725; Path=/jboss-net
Content-Type: text/xml;charset=utf-8
Date: Tue, 25 May 2004 23:51:21 GMT
Server: Apache-Coyote/1.1
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Body>
    <soapenv:Fault>
      <faultcode>soapenv:Server.userException</faultcode>
      <faultstring>java.lang.RuntimeException: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is: Insufficient method permissions, principal=null, method=create, interface=LOCALHOME, requiredRoles=[level1, level2, level3], principalRoles=[]</faultstring>
      <detail/>
    </soapenv:Fault>
  </soapenv:Body>
</soapenv:Envelope>
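Added example, not part of the original post: a small Python diagnostic over the Authorization header and fault string captured above. It derives the value the principalsQuery must return under the hashAlgorithm=MD5 / hashEncoding=base64 options, and separates "no identity reached the EJB" from "identity lacks a required role". The function names and the "stage" labels are hypothetical, and the password is assumed to be hashed as UTF-8 bytes.

```python
import base64
import hashlib
import re

# Values copied from the SOAP request and reply in the post above.
AUTH_HEADER = "Basic dXNlcjpwYXNzd29yZA=="
FAULT = ("Insufficient method permissions, principal=null, method=create, "
         "interface=LOCALHOME, requiredRoles=[level1, level2, level3], "
         "principalRoles=[]")


def basic_credentials(header):
    """Decode an HTTP Basic Authorization header value into (user, password)."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' between user and password")
    return user, password


def stored_hash(password):
    """base64(MD5(password)): what the Password column must hold (UTF-8 assumed)."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def triage_fault(faultstring):
    """Split the EJB security fault into fields and name the failing stage."""
    def roles(name):
        inner = re.search(name + r"=\[([^\]]*)\]", faultstring).group(1)
        return {r.strip() for r in inner.split(",") if r.strip()}

    principal = re.search(r"principal=([^,]+)", faultstring).group(1).strip()
    required, held = roles("requiredRoles"), roles("principalRoles")
    if principal == "null":
        stage = "no-identity"    # no principal was associated with the EJB call
    elif not required & held:
        stage = "missing-role"   # a principal was present but held none of the required roles
    else:
        stage = "other"
    return {"principal": principal, "required": required, "held": held, "stage": stage}
```

For the captured fault the stage is "no-identity", so the stored hash only becomes the relevant check once a principal shows up in the fault.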