9 Replies Latest reply on May 30, 2008 2:39 AM by hieutrinh

    EJB SecurityException on AccountBean EJB dukesbank

    eric_hootsen

      I posted the question below to the JBoss Getting Started Guide forum but not a single answer this far. I decided to try it elsewhere. Maybe I have more luck here.

      I tried enabling security for the Duke's Bank application as mentioned in the Getting Started guide paragraph 4.3.1.

      When I added the security-domain element for the jboss-web.xml file for the web application, the login does work. Both using property files and using database.

      However, the Getting Started guide also says to add a security-domain element to the jboss.xml file in the EJB package. However, if I add the security-domain element there, I then get an EJB SecurityException after logging into the web app on the AccountBean EJB.

      Why isn't the EJB-level security working? It's the same exact line as the web app security, using the dukesbank security domain.

        • 1. Re: EJB SecurityException on AccountBean EJB dukesbank
          jaikiran

          Please post the exception stacktrace that you are seeing and the jboss.xml that you are using. Also, try and obtain the TRACE level logs of jboss security package as mentioned in Q4 at:

          http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ

          BTW, which version of JBoss are you using?

          • 2. Re: EJB SecurityException on AccountBean EJB dukesbank
            jaikiran

            Forgot to mention, please post the login-config.xml as well.

            • 3. Re: EJB SecurityException on AccountBean EJB dukesbank
              eric_hootsen

              Using version 4.0.4.GA.

              jboss.xml
              <!DOCTYPE jboss PUBLIC
              "-//JBoss//DTD JBOSS 4.0//EN"
              "http://www.jboss.org/j2ee/dtd/jboss_4_0.dtd">

              <!-- Security domain for J2EE tutorial dukesbank application -->
              <security-domain>java:/jaas/dukesbank</security-domain>

              <enterprise-beans>

              <ejb-name>AccountBean</ejb-name>
              <local-jndi-name>MyAccount</local-jndi-name>


              <ejb-name>CustomerBean</ejb-name>
              <local-jndi-name>MyCustomer</local-jndi-name>


              <ejb-name>TxBean</ejb-name>
              <local-jndi-name>MyTx</local-jndi-name>


              <ejb-name>NextIdBean</ejb-name>
              <local-jndi-name>MyNextId</local-jndi-name>


              <ejb-name>AccountControllerBean</ejb-name>
              <jndi-name>MyAccountController</jndi-name>
              <ejb-local-ref>
              <ejb-ref-name>ejb/account</ejb-ref-name>
              <local-jndi-name>MyAccount</local-jndi-name>
              </ejb-local-ref>
              <ejb-local-ref>
              <ejb-ref-name>ejb/customer</ejb-ref-name>
              <local-jndi-name>MyCustomer</local-jndi-name>
              </ejb-local-ref>
              <ejb-local-ref>
              <ejb-ref-name>ejb/nextId</ejb-ref-name>
              <local-jndi-name>MyNextId</local-jndi-name>
              </ejb-local-ref>
              <ejb-local-ref>
              <ejb-ref-name>ejb/tx</ejb-ref-name>
              <local-jndi-name>MyTx</local-jndi-name>
              </ejb-local-ref>


              <ejb-name>CustomerControllerBean</ejb-name>
              <jndi-name>MyCustomerController</jndi-name>
              <ejb-local-ref>
              <ejb-ref-name>ejb/account</ejb-ref-name>
              <local-jndi-name>MyAccount</local-jndi-name>
              </ejb-local-ref>
              <ejb-local-ref>
              <ejb-ref-name>ejb/customer</ejb-ref-name>
              <local-jndi-name>MyCustomer</local-jndi-name>
              </ejb-local-ref>
              <ejb-local-ref>
              <ejb-ref-name>ejb/nextId</ejb-ref-name>
              <local-jndi-name>MyNextId</local-jndi-name>
              </ejb-local-ref>
              <ejb-local-ref>
              <ejb-ref-name>ejb/tx</ejb-ref-name>
              <local-jndi-name>MyTx</local-jndi-name>
              </ejb-local-ref>


              <ejb-name>TxControllerBean</ejb-name>
              <jndi-name>MyTxController</jndi-name>
              <ejb-local-ref>
              <ejb-ref-name>ejb/account</ejb-ref-name>
              <local-jndi-name>MyAccount</local-jndi-name>
              </ejb-local-ref>
              <ejb-local-ref>
              <ejb-ref-name>ejb/customer</ejb-ref-name>
              <local-jndi-name>MyCustomer</local-jndi-name>
              </ejb-local-ref>
              <ejb-local-ref>
              <ejb-ref-name>ejb/nextId</ejb-ref-name>
              <local-jndi-name>MyNextId</local-jndi-name>
              </ejb-local-ref>
              <ejb-local-ref>
              <ejb-ref-name>ejb/tx</ejb-ref-name>
              <local-jndi-name>MyTx</local-jndi-name>
              </ejb-local-ref>

              </enterprise-beans>



              login-config.xml
              <?xml version='1.0'?>
              <!DOCTYPE policy PUBLIC
              "-//JBoss//DTD JBOSS Security Config 3.0//EN"
              "http://www.jboss.org/j2ee/dtd/security_config.dtd">

              <!-- The XML based JAAS login configuration read by the
              org.jboss.security.auth.login.XMLLoginConfig mbean. Add
              an application-policy element for each security domain.

              The outline of the application-policy is:
              <application-policy name="security-domain-name">

              <login-module code="login.module1.class.name" flag="control_flag">
              <module-option name = "option1-name">option1-value</module-option>
              <module-option name = "option2-name">option2-value</module-option>
              ...
              </login-module>

              <login-module code="login.module2.class.name" flag="control_flag">
              ...
              </login-module>
              ...

              </application-policy>

              -->


              <!-- The login configuration used by the dukesbank security domain.
              <application-policy name = "dukesbank">

              <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
              flag = "required">
              <module-option name = "dsJndiName">java:/DefaultDS</module-option>
              <module-option name = "principalsQuery">SELECT PASSWD FROM USERS WHERE USERNAME=?</module-option>
              <module-option name = "rolesQuery">SELECT USERROLES, 'Roles' FROM USERROLES WHERE USERNAME=?</module-option>
              </login-module>

              </application-policy>
              -->

              <!-- The login configuration used by the dukesbank security domain.
              -->
              <application-policy name = "dukesbank">

              <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
              flag = "required" />

              </application-policy>

              <!-- Used by clients within the application server VM such as
              mbeans and servlets that access EJBs.
              -->
              <application-policy name = "client-login">

              <login-module code = "org.jboss.security.ClientLoginModule"
              flag = "required">
              <!-- Any existing security context will be restored on logout -->
              <module-option name="restore-login-identity">true</module-option>
              </login-module>

              </application-policy>

              <!-- Security domain for JBossMQ -->
              <application-policy name = "jbossmq">

              <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
              flag = "required">
              <module-option name = "unauthenticatedIdentity">guest</module-option>
              <module-option name = "dsJndiName">java:/DefaultDS</module-option>
              <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
              <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
              </login-module>

              </application-policy>

              <!-- Security domain for JBossMQ when using file-state-service.xml
              <application-policy name = "jbossmq">

              <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
              flag = "required">
              <module-option name = "unauthenticatedIdentity">guest</module-option>
              <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
              </login-module>

              </application-policy>
              -->

              <!-- Security domains for testing new jca framework -->
              <application-policy name = "HsqlDbRealm">

              <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
              flag = "required">
              <module-option name = "principal">sa</module-option>
              <module-option name = "userName">sa</module-option>
              <module-option name = "password"></module-option>
              <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
              </login-module>

              </application-policy>

              <application-policy name = "JmsXARealm">

              <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
              flag = "required">
              <module-option name = "principal">guest</module-option>
              <module-option name = "userName">guest</module-option>
              <module-option name = "password">guest</module-option>
              <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
              </login-module>

              </application-policy>

              <!-- A template configuration for the jmx-console web application. This
              defaults to the UsersRolesLoginModule the same as other and should be
              changed to a stronger authentication mechanism as required.
              -->
              <application-policy name = "jmx-console">

              <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
              flag = "required">
              <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
              <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
              </login-module>

              </application-policy>

              <!-- A template configuration for the web-console web application. This
              defaults to the UsersRolesLoginModule the same as other and should be
              changed to a stronger authentication mechanism as required.
              -->
              <application-policy name = "$webConsoleDomain">

              <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
              flag = "required">
              <module-option name="usersProperties">web-console-users.properties</module-option>
              <module-option name="rolesProperties">web-console-roles.properties</module-option>
              </login-module>

              </application-policy>

              <!-- A template configuration for the JBossWS web application (and transport layer!).
              This defaults to the UsersRolesLoginModule the same as other and should be
              changed to a stronger authentication mechanism as required.
              -->
              <application-policy name="JBossWS">

              <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
              flag="required">
              <module-option name="usersProperties">props/jbossws-users.properties</module-option>
              <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
              <module-option name="unauthenticatedIdentity">anonymous</module-option>
              </login-module>

              </application-policy>

              <!-- The default login configuration used by any security domain that
              does not have a application-policy entry with a matching name
              -->
              <application-policy name = "other">
              <!-- A simple server login module, which can be used when the number
              of users is relatively small. It uses two properties files:
              users.properties, which holds users (key) and their password (value).
              roles.properties, which holds users (key) and a comma-separated list of
              their roles (value).
              The unauthenticatedIdentity property defines the name of the principal
              that will be used when a null username and password are presented as is
              the case for an unuathenticated web client or MDB. If you want to
              allow such users to be authenticated add the property, e.g.,
              unauthenticatedIdentity="nobody"
              -->

              <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
              flag = "required" />

              </application-policy>




              Stacktrace
              2006-10-25 20:33:35,195 ERROR [STDERR] Debug: /accountList
              2006-10-25 20:33:35,195 ERROR [STDERR] Debug: Forwarding to template.
              2006-10-25 20:33:35,255 DEBUG [org.jboss.ejb.StatefulSessionContainer] Created new session ID: etq2g2zb-n
              2006-10-25 20:33:35,255 DEBUG [org.jboss.ejb.StatefulSessionContainer] Using create method for session: public void com.sun.ebank.ejb.customer.CustomerControllerBean.ejbCreate()
              2006-10-25 20:33:35,255 ERROR [STDERR] Debug: CustomerControllerBean ejbCreate
              2006-10-25 20:33:35,265 DEBUG [org.jboss.proxy.ejb.ProxyFactory] seting invoker proxy binding for stateful session: stateful-rmi-invoker
              2006-10-25 20:33:35,275 DEBUG [org.jboss.ejb.StatefulSessionContainer] Created new session ID: etq2g2zv-o
              2006-10-25 20:33:35,275 DEBUG [org.jboss.ejb.StatefulSessionContainer] Using create method for session: public void com.sun.ebank.ejb.account.AccountControllerBean.ejbCreate()
              2006-10-25 20:33:35,275 ERROR [STDERR] Debug: AccountControllerBean ejbCreate
              2006-10-25 20:33:35,295 DEBUG [org.jboss.proxy.ejb.ProxyFactory] seting invoker proxy binding for stateful session: stateful-rmi-invoker
              2006-10-25 20:33:35,305 DEBUG [org.jboss.ejb.StatefulSessionContainer] Created new session ID: etq2g30p-p
              2006-10-25 20:33:35,305 DEBUG [org.jboss.ejb.StatefulSessionContainer] Using create method for session: public void com.sun.ebank.ejb.tx.TxControllerBean.ejbCreate()
              2006-10-25 20:33:35,305 ERROR [STDERR] Debug: TxControllerBean ejbCreate
              2006-10-25 20:33:35,315 DEBUG [org.jboss.proxy.ejb.ProxyFactory] seting invoker proxy binding for stateful session: stateful-rmi-invoker
              2006-10-25 20:33:35,315 ERROR [STDERR] Debug: AccountControllerBean getAccountsOfCustomer
              2006-10-25 20:33:35,325 ERROR [org.jboss.ejb.plugins.LogInterceptor] EJBException in method: public abstract java.util.ArrayList com.sun.ebank.ejb.account.AccountController.getAccountsOfCustomer(java.lang.String) throws java.rmi.RemoteException,com.sun.ebank.ejb.exception.InvalidParameterException,com.sun.ebank.ejb.exception.CustomerNotFoundException:
              javax.ejb.EJBException: SecurityException
              at com.sun.ebank.ejb.account.AccountControllerBean.getAccountsOfCustomer(AccountControllerBean.java:216)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:324)
              at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
              at org.jboss.ejb.StatefulSessionContainer$ContainerInterceptor.invoke(StatefulSessionContainer.java:598)
              at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
              at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)
              at org.jboss.ejb.plugins.StatefulSessionInstanceInterceptor.invoke(StatefulSessionInstanceInterceptor.java:330)
              at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
              at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
              at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
              at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
              at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
              at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:136)
              at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
              at org.jboss.ejb.Container.invoke(Container.java:954)
              at sun.reflect.GeneratedMethodAccessor86.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:324)
              at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
              at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
              at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
              at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
              at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
              at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:169)
              at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:118)
              at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:206)
              at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:192)
              at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
              at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
              at org.jboss.proxy.ejb.StatefulSessionInterceptor.invoke(StatefulSessionInterceptor.java:121)
              at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
              at $Proxy77.getAccountsOfCustomer(Unknown Source)
              at com.sun.ebank.web.CustomerBean.getAccounts(CustomerBean.java:113)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:324)
              at org.apache.commons.el.ArraySuffix.evaluate(ArraySuffix.java:314)
              at org.apache.commons.el.ComplexValue.evaluate(ComplexValue.java:145)
              at org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:263)
              at org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:190)
              at org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:932)
              at org.apache.jsp.template.links_jsp._jspx_meth_c_set_0(links_jsp.java:161)
              at org.apache.jsp.template.links_jsp._jspService(links_jsp.java:84)
              at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
              at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
              at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
              at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
              at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
              at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:574)
              at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:499)
              at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:966)
              at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:614)
              at com.sun.ebank.web.template.InsertTag.doTag(InsertTag.java:82)
              at org.apache.jsp.template.template_jsp._jspx_meth_tt_insert_2(template_jsp.java:911)
              at org.apache.jsp.template.template_jsp._jspService(template_jsp.java:87)
              at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
              at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
              at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
              at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
              at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
              at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463)
              at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
              at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
              at com.sun.ebank.web.Dispatcher.doGet(Dispatcher.java:91)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
              at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
              at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524)
              at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
              at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
              at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
              at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
              at java.lang.Thread.run(Thread.java:534)
              2006-10-25 20:33:35,325 ERROR [STDERR] Debug: EJBException:; nested exception is:
              javax.ejb.EJBException: SecurityException
              2006-10-25 20:33:35,335 DEBUG [org.jboss.ejb.plugins.AbstractInstanceCache] Activation failure
              javax.ejb.EJBException: Could not activate; failed to restore state
              at org.jboss.ejb.plugins.StatefulSessionFilePersistenceManager.activateSession(StatefulSessionFilePersistenceManager.java:343)
              at org.jboss.ejb.plugins.StatefulSessionInstanceCache.activate(StatefulSessionInstanceCache.java:113)
              at org.jboss.ejb.plugins.AbstractInstanceCache.doActivate(AbstractInstanceCache.java:457)
              at org.jboss.ejb.plugins.StatefulSessionInstanceCache.doActivate(StatefulSessionInstanceCache.java:129)
              at org.jboss.ejb.plugins.AbstractInstanceCache.get(AbstractInstanceCache.java:123)
              at org.jboss.ejb.plugins.StatefulSessionInstanceInterceptor.invoke(StatefulSessionInstanceInterceptor.java:236)
              at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
              at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
              at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
              at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
              at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
              at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:136)
              at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
              at org.jboss.ejb.Container.invoke(Container.java:954)
              at sun.reflect.GeneratedMethodAccessor86.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:324)
              at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
              at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
              at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
              at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
              at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
              at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:169)
              at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:118)
              at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:206)
              at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:192)
              at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
              at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
              at org.jboss.proxy.ejb.StatefulSessionInterceptor.invoke(StatefulSessionInterceptor.java:121)
              at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
              at $Proxy77.getAccountsOfCustomer(Unknown Source)
              at com.sun.ebank.web.CustomerBean.getAccounts(CustomerBean.java:113)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:324)
              at org.apache.commons.el.ArraySuffix.evaluate(ArraySuffix.java:314)
              at org.apache.commons.el.ComplexValue.evaluate(ComplexValue.java:145)
              at org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:263)
              at org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:190)
              at org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:932)
              at org.apache.jsp.accountList_jsp._jspx_meth_c_set_0(accountList_jsp.java:231)
              at org.apache.jsp.accountList_jsp._jspService(accountList_jsp.java:117)
              at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
              at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
              at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
              at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
              at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
              at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:574)
              at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:499)
              at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:966)
              at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:614)
              at com.sun.ebank.web.template.InsertTag.doTag(InsertTag.java:82)
              at org.apache.jsp.template.template_jsp._jspx_meth_tt_insert_3(template_jsp.java:924)
              at org.apache.jsp.template.template_jsp._jspService(template_jsp.java:92)
              at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
              at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
              at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
              at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
              at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
              at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463)
              at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
              at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
              at com.sun.ebank.web.Dispatcher.doGet(Dispatcher.java:91)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
              at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
              at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524)
              at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
              at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
              at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
              at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
              at java.lang.Thread.run(Thread.java:534)
              Caused by: java.io.FileNotFoundException: C:\Appl\jboss-4.0.4.GA\server\default\tmp\sessions\AccountControllerBean-etq23lcf-5\etq2g2zv-o.ser (Het systeem kan het opgegeven bestand niet vinden)
              at java.io.FileInputStream.open(Native Method)
              at java.io.FileInputStream.(FileInputStream.java:106)
              at org.jboss.ejb.plugins.StatefulSessionFilePersistenceManager$FISAction.run(StatefulSessionFilePersistenceManager.java:526)
              at java.security.AccessController.doPrivileged(Native Method)
              at org.jboss.ejb.plugins.StatefulSessionFilePersistenceManager$FISAction.open(StatefulSessionFilePersistenceManager.java:535)
              at org.jboss.ejb.plugins.StatefulSessionFilePersistenceManager.activateSession(StatefulSessionFilePersistenceManager.java:323)
              ... 92 more
              2006-10-25 20:33:35,345 ERROR [STDERR] Debug: Could not activate; failed to restore state
              2006-10-25 20:33:41,764 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] Running RemoverTask
              2006-10-25 20:33:41,764 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, PassivatedCount=0
              2006-10-25 20:33:41,764 DEBUG [org.jboss.ejb.plugins.AbstractInstanceCache] removePassivated, now=1161801221764, maxLifeAfterPassivation=1200000
              2006-10-25 20:33:41,764 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, done

              • 4. Re: EJB SecurityException on AccountBean EJB dukesbank
                eric_hootsen

                And the contents of the log file with TRACE enabled for org.jboss.security.

                I did not change the log levels for Tomcat. The web container security does work fine.

                2006-10-25 21:09:06,510 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin isValid, principal:200, cache info: null
                2006-10-25 21:09:06,510 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] defaultLogin, principal=200
                2006-10-25 21:09:06,510 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(dukesbank), size=9
                2006-10-25 21:09:06,510 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(dukesbank), authInfo=AppConfigurationEntry[]:
                [0]
                LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
                ControlFlag: LoginModuleControlFlag: required
                Options:
                2006-10-25 21:09:06,520 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] initialize, instance=@17024288
                2006-10-25 21:09:06,530 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] findResource: null
                2006-10-25 21:09:06,550 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Properties file=jar:file:/C:/Appl/jboss-4.0.4.GA/server/default/tmp/deploy/tmp32083JBossDukesBank.ear!/users.properties, defaults=null
                2006-10-25 21:09:06,550 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Loaded properties, users=[200]
                2006-10-25 21:09:06,550 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] findResource: null
                2006-10-25 21:09:06,570 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Properties file=jar:file:/C:/Appl/jboss-4.0.4.GA/server/default/tmp/deploy/tmp32083JBossDukesBank.ear!/roles.properties, defaults=null
                2006-10-25 21:09:06,570 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Loaded properties, users=[200]
                2006-10-25 21:09:06,570 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] login
                2006-10-25 21:09:06,570 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] User '200' authenticated, loginOk=true
                2006-10-25 21:09:06,570 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] commit, loginOk=true
                2006-10-25 21:09:06,570 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Checking user: 200, roles string: bankCustomer
                2006-10-25 21:09:06,570 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Adding to Roles: bankCustomer
                2006-10-25 21:09:06,580 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] defaultLogin, lc=javax.security.auth.login.LoginContext@1c82208, subject=Subject(3296133).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer))
                2006-10-25 21:09:06,580 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] updateCache, inputSubject=Subject(3296133).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)), cacheSubject=Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer))
                2006-10-25 21:09:06,580 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Inserted cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:09:06,580 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End isValid, true
                2006-10-25 21:09:06,580 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@163e9a1{principal=200,subject=8347989}
                2006-10-25 21:09:06,580 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:09:06,590 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@163e9a1{principal=200,subject=8347989}
                2006-10-25 21:09:06,590 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] getUserRoles, subject: Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)

                2006-10-25 21:09:06,590 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
                2006-10-25 21:09:06,600 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
                2006-10-25 21:09:06,600 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@1896429{principal=200,subject=8347989}
                2006-10-25 21:09:06,620 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
                2006-10-25 21:09:06,620 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
                2006-10-25 21:09:06,630 ERROR [STDERR] Debug: Creating bean manager.
                2006-10-25 21:09:06,730 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=200
                2006-10-25 21:09:06,790 TRACE [org.jboss.security.SecurityAssociation] getCallerPrincipal, principal=200
                2006-10-25 21:09:06,790 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:09:06,830 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin isValid, principal:200, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:09:06,830 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170];credential.class=java.lang.String@11372121
                2006-10-25 21:09:06,830 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End validateCache, isValid=true
                2006-10-25 21:09:06,830 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End isValid, true
                2006-10-25 21:09:06,840 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@18ba593{principal=200,subject=19095531}
                2006-10-25 21:09:06,850 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
                2006-10-25 21:09:06,850 DEBUG [org.jboss.ejb.StatefulSessionContainer] Created new session ID: etq3prqa-8
                2006-10-25 21:09:06,850 DEBUG [org.jboss.ejb.StatefulSessionContainer] Using create method for session: public void com.sun.ebank.ejb.customer.CustomerControllerBean.ejbCreate()
                2006-10-25 21:09:06,850 ERROR [STDERR] Debug: CustomerControllerBean ejbCreate
                2006-10-25 21:09:06,890 DEBUG [org.jboss.proxy.ejb.ProxyFactory] seting invoker proxy binding for stateful session: stateful-rmi-invoker
                2006-10-25 21:09:06,890 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
                2006-10-25 21:09:06,890 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, sc=org.jboss.security.SecurityAssociation$SubjectContext@18ba593{principal=200,subject=19095531}
                2006-10-25 21:09:06,920 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=200
                2006-10-25 21:09:06,920 TRACE [org.jboss.security.SecurityAssociation] getCallerPrincipal, principal=200
                2006-10-25 21:09:06,920 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:09:06,920 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin isValid, principal:200, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:09:06,920 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170];credential.class=java.lang.String@11372121
                2006-10-25 21:09:06,920 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End validateCache, isValid=true
                2006-10-25 21:09:06,920 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End isValid, true
                2006-10-25 21:09:06,920 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@1f0a2a0{principal=200,subject=21284283}
                2006-10-25 21:09:06,920 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
                2006-10-25 21:09:06,920 DEBUG [org.jboss.ejb.StatefulSessionContainer] Created new session ID: etq3prs8-9
                2006-10-25 21:09:06,920 DEBUG [org.jboss.ejb.StatefulSessionContainer] Using create method for session: public void com.sun.ebank.ejb.account.AccountControllerBean.ejbCreate()
                2006-10-25 21:09:06,920 ERROR [STDERR] Debug: AccountControllerBean ejbCreate
                2006-10-25 21:09:06,950 DEBUG [org.jboss.proxy.ejb.ProxyFactory] seting invoker proxy binding for stateful session: stateful-rmi-invoker
                2006-10-25 21:09:06,950 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
                2006-10-25 21:09:06,950 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, sc=org.jboss.security.SecurityAssociation$SubjectContext@1f0a2a0{principal=200,subject=21284283}
                2006-10-25 21:09:06,970 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=200
                2006-10-25 21:09:06,970 TRACE [org.jboss.security.SecurityAssociation] getCallerPrincipal, principal=200
                2006-10-25 21:09:06,970 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:09:06,970 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin isValid, principal:200, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:09:06,970 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170];credential.class=java.lang.String@11372121
                2006-10-25 21:09:06,970 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End validateCache, isValid=true
                2006-10-25 21:09:06,970 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End isValid, true
                2006-10-25 21:09:06,970 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@a42c89{principal=200,subject=6809898}
                2006-10-25 21:09:06,970 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
                2006-10-25 21:09:06,980 DEBUG [org.jboss.ejb.StatefulSessionContainer] Created new session ID: etq3prtw-a
                2006-10-25 21:09:06,980 DEBUG [org.jboss.ejb.StatefulSessionContainer] Using create method for session: public void com.sun.ebank.ejb.tx.TxControllerBean.ejbCreate()
                2006-10-25 21:09:06,980 ERROR [STDERR] Debug: TxControllerBean ejbCreate
                2006-10-25 21:09:07,010 DEBUG [org.jboss.proxy.ejb.ProxyFactory] seting invoker proxy binding for stateful session: stateful-rmi-invoker
                2006-10-25 21:09:07,010 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
                2006-10-25 21:09:07,010 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, sc=org.jboss.security.SecurityAssociation$SubjectContext@a42c89{principal=200,subject=6809898}
                2006-10-25 21:09:07,020 ERROR [STDERR] Debug: /main
                2006-10-25 21:09:07,020 ERROR [STDERR] Debug: Forwarding to template.
                2006-10-25 21:09:09,334 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=200
                2006-10-25 21:09:09,334 TRACE [org.jboss.security.SecurityAssociation] getCallerPrincipal, principal=200
                2006-10-25 21:09:09,334 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:09:09,334 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin isValid, principal:200, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:09:09,344 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170];credential.class=java.lang.String@11372121
                2006-10-25 21:09:09,344 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End validateCache, isValid=true
                2006-10-25 21:09:09,344 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End isValid, true
                2006-10-25 21:09:09,344 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@3522b5{principal=200,subject=7982988}
                2006-10-25 21:09:09,344 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
                2006-10-25 21:09:09,344 DEBUG [org.jboss.ejb.StatefulSessionContainer] Created new session ID: etq3ptnk-b
                2006-10-25 21:09:09,344 DEBUG [org.jboss.ejb.StatefulSessionContainer] Using create method for session: public void com.sun.ebank.ejb.customer.CustomerControllerBean.ejbCreate()
                2006-10-25 21:09:09,344 ERROR [STDERR] Debug: CustomerControllerBean ejbCreate
                2006-10-25 21:09:09,354 DEBUG [org.jboss.proxy.ejb.ProxyFactory] seting invoker proxy binding for stateful session: stateful-rmi-invoker
                2006-10-25 21:09:09,354 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
                2006-10-25 21:09:09,354 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, sc=org.jboss.security.SecurityAssociation$SubjectContext@3522b5{principal=200,subject=7982988}
                2006-10-25 21:09:09,374 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=200
                2006-10-25 21:09:09,374 TRACE [org.jboss.security.SecurityAssociation] getCallerPrincipal, principal=200
                2006-10-25 21:09:09,374 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:09:09,374 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin isValid, principal:200, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:09:09,374 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170];credential.class=java.lang.String@11372121
                2006-10-25 21:09:09,374 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End validateCache, isValid=true
                2006-10-25 21:09:09,374 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End isValid, true
                2006-10-25 21:09:09,374 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@9d6d87{principal=200,subject=25292729}
                2006-10-25 21:09:09,374 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
                2006-10-25 21:09:09,374 DEBUG [org.jboss.ejb.StatefulSessionContainer] Created new session ID: etq3ptoe-c
                2006-10-25 21:09:09,374 DEBUG [org.jboss.ejb.StatefulSessionContainer] Using create method for session: public void com.sun.ebank.ejb.account.AccountControllerBean.ejbCreate()
                2006-10-25 21:09:09,374 ERROR [STDERR] Debug: AccountControllerBean ejbCreate
                2006-10-25 21:09:09,404 DEBUG [org.jboss.proxy.ejb.ProxyFactory] seting invoker proxy binding for stateful session: stateful-rmi-invoker
                2006-10-25 21:09:09,404 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
                2006-10-25 21:09:09,404 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, sc=org.jboss.security.SecurityAssociation$SubjectContext@9d6d87{principal=200,subject=25292729}
                2006-10-25 21:09:09,424 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=200
                2006-10-25 21:09:09,424 TRACE [org.jboss.security.SecurityAssociation] getCallerPrincipal, principal=200
                2006-10-25 21:09:09,424 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:09:09,424 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin isValid, principal:200, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:09:09,424 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170];credential.class=java.lang.String@11372121
                2006-10-25 21:09:09,424 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End validateCache, isValid=true
                2006-10-25 21:09:09,424 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End isValid, true
                2006-10-25 21:09:09,424 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@84850{principal=200,subject=29593784}
                2006-10-25 21:09:09,424 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
                2006-10-25 21:09:09,424 DEBUG [org.jboss.ejb.StatefulSessionContainer] Created new session ID: etq3ptps-d
                2006-10-25 21:09:09,424 DEBUG [org.jboss.ejb.StatefulSessionContainer] Using create method for session: public void com.sun.ebank.ejb.tx.TxControllerBean.ejbCreate()
                2006-10-25 21:09:09,424 ERROR [STDERR] Debug: TxControllerBean ejbCreate
                2006-10-25 21:09:09,454 DEBUG [org.jboss.proxy.ejb.ProxyFactory] seting invoker proxy binding for stateful session: stateful-rmi-invoker
                2006-10-25 21:09:09,454 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
                2006-10-25 21:09:09,454 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, sc=org.jboss.security.SecurityAssociation$SubjectContext@84850{principal=200,subject=29593784}
                2006-10-25 21:09:09,534 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=200
                2006-10-25 21:09:09,534 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=null, sc=org.jboss.security.SecurityAssociation$SubjectContext@5e25f3{principal=200,subject=null}
                2006-10-25 21:09:09,544 TRACE [org.jboss.security.SecurityAssociation] getCallerPrincipal, principal=200
                2006-10-25 21:09:09,544 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:09:09,544 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin isValid, principal:200, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:09:09,544 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170];credential.class=java.lang.String@11372121
                2006-10-25 21:09:09,544 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End validateCache, isValid=true
                2006-10-25 21:09:09,544 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End isValid, true
                2006-10-25 21:09:09,544 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@1fc7299{principal=200,subject=13097312}
                2006-10-25 21:09:09,544 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
                2006-10-25 21:09:09,544 ERROR [STDERR] Debug: AccountControllerBean getAccountsOfCustomer
                2006-10-25 21:09:09,584 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=200
                2006-10-25 21:09:09,584 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin isValid, principal:200, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:09:09,584 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170];credential.class=java.lang.String@11372121
                2006-10-25 21:09:09,584 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End validateCache, isValid=true
                2006-10-25 21:09:09,584 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End isValid, true
                2006-10-25 21:09:09,584 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@1102fab{principal=200,subject=27897908}
                2006-10-25 21:09:09,584 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@1102fab{principal=200,subject=27897908}
                2006-10-25 21:09:09,584 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] doesUserHaveRole(Set), subject: Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)

                2006-10-25 21:09:09,584 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] roles=Roles(members:bankCustomer)
                2006-10-25 21:09:09,584 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] hasRole=false
                2006-10-25 21:09:09,584 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@1102fab{principal=200,subject=27897908}
                2006-10-25 21:09:09,584 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] getUserRoles, subject: Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)

                2006-10-25 21:09:09,594 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
                2006-10-25 21:09:09,594 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, sc=org.jboss.security.SecurityAssociation$SubjectContext@1102fab{principal=200,subject=27897908}
                2006-10-25 21:09:09,594 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, sc=org.jboss.security.SecurityAssociation$SubjectContext@1fc7299{principal=200,subject=13097312}
                2006-10-25 21:09:09,594 ERROR [org.jboss.ejb.plugins.LogInterceptor] EJBException in method: public abstract java.util.ArrayList com.sun.ebank.ejb.account.AccountController.getAccountsOfCustomer(java.lang.String) throws java.rmi.RemoteException,com.sun.ebank.ejb.exception.InvalidParameterException,com.sun.ebank.ejb.exception.CustomerNotFoundException:
                javax.ejb.EJBException: SecurityException
                at com.sun.ebank.ejb.account.AccountControllerBean.getAccountsOfCustomer(AccountControllerBean.java:216)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:324)
                at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
                at org.jboss.ejb.StatefulSessionContainer$ContainerInterceptor.invoke(StatefulSessionContainer.java:598)
                at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
                at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)
                at org.jboss.ejb.plugins.StatefulSessionInstanceInterceptor.invoke(StatefulSessionInstanceInterceptor.java:330)
                at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
                at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
                at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
                at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
                at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
                at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:136)
                at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
                at org.jboss.ejb.Container.invoke(Container.java:954)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:324)
                at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:169)
                at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:118)
                at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:206)
                at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:192)
                at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
                at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
                at org.jboss.proxy.ejb.StatefulSessionInterceptor.invoke(StatefulSessionInterceptor.java:121)
                at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
                at $Proxy77.getAccountsOfCustomer(Unknown Source)
                at com.sun.ebank.web.CustomerBean.getAccounts(CustomerBean.java:113)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:324)
                at org.apache.commons.el.ArraySuffix.evaluate(ArraySuffix.java:314)
                at org.apache.commons.el.ComplexValue.evaluate(ComplexValue.java:145)
                at org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:263)
                at org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:190)
                at org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:932)
                at org.apache.jsp.template.links_jsp._jspx_meth_c_set_0(links_jsp.java:161)
                at org.apache.jsp.template.links_jsp._jspService(links_jsp.java:84)
                at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
                at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
                at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
                at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:574)
                at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:499)
                at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:966)
                at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:614)
                at com.sun.ebank.web.template.InsertTag.doTag(InsertTag.java:82)
                at org.apache.jsp.template.template_jsp._jspx_meth_tt_insert_2(template_jsp.java:911)
                at org.apache.jsp.template.template_jsp._jspService(template_jsp.java:87)
                at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
                at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
                at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
                at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463)
                at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
                at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
                at com.sun.ebank.web.Dispatcher.doGet(Dispatcher.java:91)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
                at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524)
                at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
                at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
                at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
                at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
                at java.lang.Thread.run(Thread.java:534)
                2006-10-25 21:09:09,594 ERROR [STDERR] Debug: EJBException:; nested exception is:
                javax.ejb.EJBException: SecurityException
                2006-10-25 21:09:09,885 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
                2006-10-25 21:09:09,885 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
                2006-10-25 21:10:19,485 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
                2006-10-25 21:10:19,485 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@5e9a94{principal=200,subject=8347989}
                2006-10-25 21:10:19,485 ERROR [STDERR] Debug: /accountList
                2006-10-25 21:10:19,485 ERROR [STDERR] Debug: Forwarding to template.
                2006-10-25 21:10:19,545 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=200
                2006-10-25 21:10:19,545 TRACE [org.jboss.security.SecurityAssociation] getCallerPrincipal, principal=200
                2006-10-25 21:10:19,545 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:10:19,545 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin isValid, principal:200, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:10:19,545 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170];credential.class=java.lang.String@11372121
                2006-10-25 21:10:19,545 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End validateCache, isValid=true
                2006-10-25 21:10:19,545 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End isValid, true
                2006-10-25 21:10:19,545 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@a553e2{principal=200,subject=2511137}
                2006-10-25 21:10:19,545 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
                2006-10-25 21:10:19,545 DEBUG [org.jboss.ejb.StatefulSessionContainer] Created new session ID: etq3rbtl-e
                2006-10-25 21:10:19,545 DEBUG [org.jboss.ejb.StatefulSessionContainer] Using create method for session: public void com.sun.ebank.ejb.customer.CustomerControllerBean.ejbCreate()
                2006-10-25 21:10:19,545 ERROR [STDERR] Debug: CustomerControllerBean ejbCreate
                2006-10-25 21:10:19,555 DEBUG [org.jboss.proxy.ejb.ProxyFactory] seting invoker proxy binding for stateful session: stateful-rmi-invoker
                2006-10-25 21:10:19,555 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
                2006-10-25 21:10:19,555 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, sc=org.jboss.security.SecurityAssociation$SubjectContext@a553e2{principal=200,subject=2511137}
                2006-10-25 21:10:19,575 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=200
                2006-10-25 21:10:19,575 TRACE [org.jboss.security.SecurityAssociation] getCallerPrincipal, principal=200
                2006-10-25 21:10:19,575 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:10:19,575 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin isValid, principal:200, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:10:19,575 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170];credential.class=java.lang.String@11372121
                2006-10-25 21:10:19,575 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End validateCache, isValid=true
                2006-10-25 21:10:19,575 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End isValid, true
                2006-10-25 21:10:19,575 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@16a93b8{principal=200,subject=538786}
                2006-10-25 21:10:19,575 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
                2006-10-25 21:10:19,575 DEBUG [org.jboss.ejb.StatefulSessionContainer] Created new session ID: etq3rbuf-f
                2006-10-25 21:10:19,575 DEBUG [org.jboss.ejb.StatefulSessionContainer] Using create method for session: public void com.sun.ebank.ejb.account.AccountControllerBean.ejbCreate()
                2006-10-25 21:10:19,575 ERROR [STDERR] Debug: AccountControllerBean ejbCreate
                2006-10-25 21:10:19,595 DEBUG [org.jboss.proxy.ejb.ProxyFactory] seting invoker proxy binding for stateful session: stateful-rmi-invoker
                2006-10-25 21:10:19,595 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
                2006-10-25 21:10:19,595 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, sc=org.jboss.security.SecurityAssociation$SubjectContext@16a93b8{principal=200,subject=538786}
                2006-10-25 21:10:19,605 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=200
                2006-10-25 21:10:19,605 TRACE [org.jboss.security.SecurityAssociation] getCallerPrincipal, principal=200
                2006-10-25 21:10:19,605 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:10:19,605 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin isValid, principal:200, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:10:19,605 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170];credential.class=java.lang.String@11372121
                2006-10-25 21:10:19,605 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End validateCache, isValid=true
                2006-10-25 21:10:19,605 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End isValid, true
                2006-10-25 21:10:19,605 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@11261b1{principal=200,subject=30131099}
                2006-10-25 21:10:19,605 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
                2006-10-25 21:10:19,605 DEBUG [org.jboss.ejb.StatefulSessionContainer] Created new session ID: etq3rbv9-g
                2006-10-25 21:10:19,605 DEBUG [org.jboss.ejb.StatefulSessionContainer] Using create method for session: public void com.sun.ebank.ejb.tx.TxControllerBean.ejbCreate()
                2006-10-25 21:10:19,615 ERROR [STDERR] Debug: TxControllerBean ejbCreate
                2006-10-25 21:10:19,625 DEBUG [org.jboss.proxy.ejb.ProxyFactory] seting invoker proxy binding for stateful session: stateful-rmi-invoker
                2006-10-25 21:10:19,625 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
                2006-10-25 21:10:19,625 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, sc=org.jboss.security.SecurityAssociation$SubjectContext@11261b1{principal=200,subject=30131099}
                2006-10-25 21:10:19,625 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=200
                2006-10-25 21:10:19,625 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=null, sc=org.jboss.security.SecurityAssociation$SubjectContext@718e31{principal=200,subject=null}
                2006-10-25 21:10:19,625 TRACE [org.jboss.security.SecurityAssociation] getCallerPrincipal, principal=200
                2006-10-25 21:10:19,625 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:10:19,625 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin isValid, principal:200, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:10:19,625 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170];credential.class=java.lang.String@11372121
                2006-10-25 21:10:19,625 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End validateCache, isValid=true
                2006-10-25 21:10:19,625 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End isValid, true
                2006-10-25 21:10:19,625 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@12e71c4{principal=200,subject=3085858}
                2006-10-25 21:10:19,625 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
                2006-10-25 21:10:19,625 ERROR [STDERR] Debug: AccountControllerBean getAccountsOfCustomer
                2006-10-25 21:10:19,625 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=200
                2006-10-25 21:10:19,625 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin isValid, principal:200, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                2006-10-25 21:10:19,625 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170];credential.class=java.lang.String@11372121
                2006-10-25 21:10:19,625 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End validateCache, isValid=true
                2006-10-25 21:10:19,625 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End isValid, true
                2006-10-25 21:10:19,635 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@15651df{principal=200,subject=1655982}
                2006-10-25 21:10:19,635 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@15651df{principal=200,subject=1655982}
                2006-10-25 21:10:19,635 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] doesUserHaveRole(Set), subject: Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)

                2006-10-25 21:10:19,635 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] roles=Roles(members:bankCustomer)
                2006-10-25 21:10:19,635 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] hasRole=false
                2006-10-25 21:10:19,635 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@15651df{principal=200,subject=1655982}
                2006-10-25 21:10:19,635 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] getUserRoles, subject: Subject:
                Principal: 200
                Principal: Roles(members:bankCustomer)

                2006-10-25 21:10:19,635 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
                2006-10-25 21:10:19,635 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, sc=org.jboss.security.SecurityAssociation$SubjectContext@15651df{principal=200,subject=1655982}
                2006-10-25 21:10:19,635 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, sc=org.jboss.security.SecurityAssociation$SubjectContext@12e71c4{principal=200,subject=3085858}
                2006-10-25 21:10:19,635 ERROR [org.jboss.ejb.plugins.LogInterceptor] EJBException in method: public abstract java.util.ArrayList com.sun.ebank.ejb.account.AccountController.getAccountsOfCustomer(java.lang.String) throws java.rmi.RemoteException,com.sun.ebank.ejb.exception.InvalidParameterException,com.sun.ebank.ejb.exception.CustomerNotFoundException:
                javax.ejb.EJBException: SecurityException
                at com.sun.ebank.ejb.account.AccountControllerBean.getAccountsOfCustomer(AccountControllerBean.java:216)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:324)
                at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
                at org.jboss.ejb.StatefulSessionContainer$ContainerInterceptor.invoke(StatefulSessionContainer.java:598)
                at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
                at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)
                at org.jboss.ejb.plugins.StatefulSessionInstanceInterceptor.invoke(StatefulSessionInstanceInterceptor.java:330)
                at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
                at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
                at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
                at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
                at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
                at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:136)
                at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
                at org.jboss.ejb.Container.invoke(Container.java:954)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:324)
                at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:169)
                at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:118)
                at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:206)
                at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:192)
                at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
                at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
                at org.jboss.proxy.ejb.StatefulSessionInterceptor.invoke(StatefulSessionInterceptor.java:121)
                at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
                at $Proxy77.getAccountsOfCustomer(Unknown Source)
                at com.sun.ebank.web.CustomerBean.getAccounts(CustomerBean.java:113)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:324)
                at org.apache.commons.el.ArraySuffix.evaluate(ArraySuffix.java:314)
                at org.apache.commons.el.ComplexValue.evaluate(ComplexValue.java:145)
                at org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:263)
                at org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:190)
                at org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:932)
                at org.apache.jsp.template.links_jsp._jspx_meth_c_set_0(links_jsp.java:161)
                at org.apache.jsp.template.links_jsp._jspService(links_jsp.java:84)
                at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
                at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
                at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
                at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:574)
                at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:499)
                at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:966)
                at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:614)
                at com.sun.ebank.web.template.InsertTag.doTag(InsertTag.java:82)
                at org.apache.jsp.template.template_jsp._jspx_meth_tt_insert_2(template_jsp.java:911)
                at org.apache.jsp.template.template_jsp._jspService(template_jsp.java:87)
                at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
                at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
                at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
                at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463)
                at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
                at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
                at com.sun.ebank.web.Dispatcher.doGet(Dispatcher.java:91)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
                at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524)
                at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
                at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
                at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
                at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
                at java.lang.Thread.run(Thread.java:534)
                2006-10-25 21:10:19,635 ERROR [STDERR] Debug: EJBException:; nested exception is:
                javax.ejb.EJBException: SecurityException
                2006-10-25 21:10:20,065 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=200
                2006-10-25 21:10:20,065 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=null, sc=org.jboss.security.SecurityAssociation$SubjectContext@1e5a0cb{principal=200,subject=null}
                2006-10-25 21:10:20,065 DEBUG [org.jboss.ejb.plugins.AbstractInstanceCache] Activation failure
                javax.ejb.EJBException: Could not activate; failed to restore state
                at org.jboss.ejb.plugins.StatefulSessionFilePersistenceManager.activateSession(StatefulSessionFilePersistenceManager.java:343)
                at org.jboss.ejb.plugins.StatefulSessionInstanceCache.activate(StatefulSessionInstanceCache.java:113)
                at org.jboss.ejb.plugins.AbstractInstanceCache.doActivate(AbstractInstanceCache.java:457)
                at org.jboss.ejb.plugins.StatefulSessionInstanceCache.doActivate(StatefulSessionInstanceCache.java:129)
                at org.jboss.ejb.plugins.AbstractInstanceCache.get(AbstractInstanceCache.java:123)
                at org.jboss.ejb.plugins.StatefulSessionInstanceInterceptor.invoke(StatefulSessionInstanceInterceptor.java:236)
                at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
                at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
                at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
                at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
                at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
                at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:136)
                at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
                at org.jboss.ejb.Container.invoke(Container.java:954)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:324)
                at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:169)
                at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:118)
                at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:206)
                at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:192)
                at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
                at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
                at org.jboss.proxy.ejb.StatefulSessionInterceptor.invoke(StatefulSessionInterceptor.java:121)
                at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
                at $Proxy77.getAccountsOfCustomer(Unknown Source)
                at com.sun.ebank.web.CustomerBean.getAccounts(CustomerBean.java:113)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:324)
                at org.apache.commons.el.ArraySuffix.evaluate(ArraySuffix.java:314)
                at org.apache.commons.el.ComplexValue.evaluate(ComplexValue.java:145)
                at org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:263)
                at org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:190)
                at org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:932)
                at org.apache.jsp.accountList_jsp._jspx_meth_c_set_0(accountList_jsp.java:231)
                at org.apache.jsp.accountList_jsp._jspService(accountList_jsp.java:117)
                at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
                at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
                at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
                at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:574)
                at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:499)
                at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:966)
                at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:614)
                at com.sun.ebank.web.template.InsertTag.doTag(InsertTag.java:82)
                at org.apache.jsp.template.template_jsp._jspx_meth_tt_insert_3(template_jsp.java:924)
                at org.apache.jsp.template.template_jsp._jspService(template_jsp.java:92)
                at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
                at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
                at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                at org.apach

                • 5. Re: EJB SecurityException on AccountBean EJB dukesbank
                  jaikiran

                   

                  2006-10-25 21:10:19,625 ERROR [STDERR] Debug: AccountControllerBean getAccountsOfCustomer
                  2006-10-25 21:10:19,625 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=200
                  2006-10-25 21:10:19,625 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin isValid, principal:200, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170]
                  2006-10-25 21:10:19,625 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a998c1[Subject(20835673).principals=org.jboss.security.SimplePrincipal@4751287(200)org.jboss.security.SimpleGroup@33296132(Roles(members:bankCustomer)),credential.class=java.lang.String@11372121,expirationTime=1161805098170];credential.class=java.lang.String@11372121
                  2006-10-25 21:10:19,625 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End validateCache, isValid=true
                  2006-10-25 21:10:19,625 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] End isValid, true

                  2006-10-25 21:10:19,635 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                  Principal: 200
                  Principal: Roles(members:bankCustomer)
                  , sc=org.jboss.security.SecurityAssociation$SubjectContext@15651df{principal=200,subject=1655982}
                  2006-10-25 21:10:19,635 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@15651df{principal=200,subject=1655982}
                  2006-10-25 21:10:19,635 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] doesUserHaveRole(Set), subject: Subject:
                  Principal: 200
                  Principal: Roles(members:bankCustomer)

                  2006-10-25 21:10:19,635 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] roles=Roles(members:bankCustomer)
                  2006-10-25 21:10:19,635 TRACE [org.jboss.security.plugins.JaasSecurityManager.dukesbank] hasRole=false


                  Looking at the logs the user has been authenticated successfully but he does not have the necessary roles to use the getAccountsOfCustomer method. In your ejb-jar.xml check what role is required to access this method. The you will have to login with that username/password to be able to successfully invoke this method.



                  • 6. Re: EJB SecurityException on AccountBean EJB dukesbank
                    eric_hootsen

                    I checked out the ejb-jar.xml. The method you are talking about seems to be unchecked. In addition to the rol bankCustomer I also assigned the role bankAdmin to user 200 in the roles.properties file. Still no approvement. Below the method permissions from the ejb-jar.xml file. The permissiond for the getAccountsOfCustomer method marked bold.

                    <assembly-descriptor>
                    <security-role>
                    <role-name>bankCustomer</role-name>
                    </security-role>
                    <security-role>
                    <role-name>bankAdmin</role-name>
                    </security-role>
                    <method-permission>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Home</method-intf>
                    <method-name>remove</method-name>
                    <method-params>
                    <method-param>java.lang.Object</method-param>
                    </method-params>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>setBeginBalanceTimeStamp</method-name>
                    <method-params>
                    <method-param>java.util.Date</method-param>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>getHandle</method-name>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>getPrimaryKey</method-name>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Home</method-intf>
                    <method-name>getEJBMetaData</method-name>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>remove</method-name>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>getAccountsOfCustomer</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>getDetails</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Home</method-intf>
                    <method-name>getHomeHandle</method-name>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>isIdentical</method-name>
                    <method-params>
                    <method-param>javax.ejb.EJBObject</method-param>
                    </method-params>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>addCustomerToAccount</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Home</method-intf>
                    <method-name>remove</method-name>
                    <method-params>
                    <method-param>javax.ejb.Handle</method-param>
                    </method-params>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Home</method-intf>
                    <method-name>create</method-name>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>getEJBHome</method-name>

                    </method-permission>
                    <method-permission>
                    <role-name>bankAdmin</role-name>

                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>setBalance</method-name>
                    <method-params>
                    <method-param>java.math.BigDecimal</method-param>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>createAccount</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.math.BigDecimal</method-param>
                    <method-param>java.math.BigDecimal</method-param>
                    <method-param>java.math.BigDecimal</method-param>
                    <method-param>java.util.Date</method-param>
                    </method-params>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>setBeginBalance</method-name>
                    <method-params>
                    <method-param>java.math.BigDecimal</method-param>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>removeCustomerFromAccount</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>setCreditLine</method-name>
                    <method-params>
                    <method-param>java.math.BigDecimal</method-param>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>setDescription</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>removeAccount</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>setType</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    </method-params>

                    </method-permission>
                    <method-permission>


                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-intf>Home</method-intf>
                    <method-name>remove</method-name>
                    <method-params>
                    <method-param>java.lang.Object</method-param>
                    </method-params>


                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>isIdentical</method-name>
                    <method-params>
                    <method-param>javax.ejb.EJBObject</method-param>
                    </method-params>


                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-intf>Home</method-intf>
                    <method-name>remove</method-name>
                    <method-params>
                    <method-param>javax.ejb.Handle</method-param>
                    </method-params>


                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>getDetails</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    </method-params>

                    </method-permission>
                    <method-permission>
                    <role-name>bankAdmin</role-name>

                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>getCustomersOfAccount</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>createCustomer</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>getCustomersOfLastName</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>setName</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>removeCustomer</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>setAddress</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    </method-params>

                    </method-permission>
                    <method-permission>


                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-intf>Home</method-intf>
                    <method-name>getHomeHandle</method-name>


                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-intf>Home</method-intf>
                    <method-name>create</method-name>


                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>getHandle</method-name>


                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>getPrimaryKey</method-name>


                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-intf>Home</method-intf>
                    <method-name>getEJBMetaData</method-name>


                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>remove</method-name>


                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>getEJBHome</method-name>

                    </method-permission>
                    <method-permission>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>LocalHome</method-intf>
                    <method-name>remove</method-name>
                    <method-params>
                    <method-param>java.lang.Object</method-param>
                    </method-params>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>Local</method-intf>
                    <method-name>setBeginBalance</method-name>
                    <method-params>
                    <method-param>java.math.BigDecimal</method-param>
                    </method-params>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>LocalHome</method-intf>
                    <method-name>create</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.math.BigDecimal</method-param>
                    <method-param>java.math.BigDecimal</method-param>
                    <method-param>java.math.BigDecimal</method-param>
                    <method-param>java.util.Date</method-param>
                    <method-param>java.util.ArrayList</method-param>
                    </method-params>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>Local</method-intf>
                    <method-name>setType</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>LocalHome</method-intf>
                    <method-name>findByPrimaryKey</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>Local</method-intf>
                    <method-name>setDescription</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>Local</method-intf>
                    <method-name>setBalance</method-name>
                    <method-params>
                    <method-param>java.math.BigDecimal</method-param>
                    </method-params>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>Local</method-intf>
                    <method-name>setCreditLine</method-name>
                    <method-params>
                    <method-param>java.math.BigDecimal</method-param>
                    </method-params>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>Local</method-intf>
                    <method-name>isIdentical</method-name>
                    <method-params>
                    <method-param>javax.ejb.EJBLocalObject</method-param>
                    </method-params>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>LocalHome</method-intf>
                    <method-name>findByCustomerId</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>Local</method-intf>
                    <method-name>setBeginBalanceTimeStamp</method-name>
                    <method-params>
                    <method-param>java.util.Date</method-param>
                    </method-params>

                    </method-permission>
                    <method-permission>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>Local</method-intf>
                    <method-name>getCreditLine</method-name>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>Local</method-intf>
                    <method-name>getType</method-name>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>Local</method-intf>
                    <method-name>getDetails</method-name>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>Local</method-intf>
                    <method-name>getPrimaryKey</method-name>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>Local</method-intf>
                    <method-name>getBalance</method-name>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>Local</method-intf>
                    <method-name>remove</method-name>


                    <ejb-name>AccountBean</ejb-name>
                    <method-intf>Local</method-intf>
                    <method-name>getEJBLocalHome</method-name>

                    </method-permission>
                    <method-permission>


                    <ejb-name>TxControllerBean</ejb-name>
                    <method-intf>Home</method-intf>
                    <method-name>remove</method-name>
                    <method-params>
                    <method-param>java.lang.Object</method-param>
                    </method-params>


                    <ejb-name>TxControllerBean</ejb-name>
                    <method-intf>Home</method-intf>
                    <method-name>getHomeHandle</method-name>


                    <ejb-name>TxControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>isIdentical</method-name>
                    <method-params>
                    <method-param>javax.ejb.EJBObject</method-param>
                    </method-params>


                    <ejb-name>TxControllerBean</ejb-name>
                    <method-intf>Home</method-intf>
                    <method-name>create</method-name>


                    <ejb-name>TxControllerBean</ejb-name>
                    <method-intf>Home</method-intf>
                    <method-name>remove</method-name>
                    <method-params>
                    <method-param>javax.ejb.Handle</method-param>
                    </method-params>


                    <ejb-name>TxControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>getHandle</method-name>


                    <ejb-name>TxControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>getPrimaryKey</method-name>


                    <ejb-name>TxControllerBean</ejb-name>
                    <method-intf>Home</method-intf>
                    <method-name>getEJBMetaData</method-name>


                    <ejb-name>TxControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>remove</method-name>


                    <ejb-name>TxControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>getEJBHome</method-name>


                    <ejb-name>TxControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>getDetails</method-name>
                    <method-params>
                    <method-param>java.lang.String</method-param>
                    </method-params>

                    </method-permission>
                    <method-permission>
                    <role-name>bankCustomer</role-name>

                    <ejb-name>TxControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>getTxsOfAccount</method-name>
                    <method-params>
                    <method-param>java.util.Date</method-param>
                    <method-param>java.util.Date</method-param>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>TxControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>transferFunds</method-name>
                    <method-params>
                    <method-param>java.math.BigDecimal</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>TxControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>withdraw</method-name>
                    <method-params>
                    <method-param>java.math.BigDecimal</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>TxControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>makePayment</method-name>
                    <method-params>
                    <method-param>java.math.BigDecimal</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>TxControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>makeCharge</method-name>
                    <method-params>
                    <method-param>java.math.BigDecimal</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    </method-params>


                    <ejb-name>TxControllerBean</ejb-name>
                    <method-intf>Remote</method-intf>
                    <method-name>deposit</method-name>
                    <method-params>
                    <method-param>java.math.BigDecimal</method-param>
                    <method-param>java.lang.String</method-param>
                    <method-param>java.lang.String</method-param>
                    </method-params>

                    </method-permission>



                    <container-transaction>

                    <ejb-name>AccountControllerBean</ejb-name>
                    <method-name>*</method-name>

                    <trans-attribute>Required</trans-attribute>
                    </container-transaction>
                    <container-transaction>

                    <ejb-name>CustomerControllerBean</ejb-name>
                    <method-name>*</method-name>

                    <trans-attribute>Required</trans-attribute>
                    </container-transaction>
                    <container-transaction>

                    <ejb-name>TxControllerBean</ejb-name>
                    <method-name>*</method-name>

                    <trans-attribute>Required</trans-attribute>
                    </container-transaction>
                    <container-transaction>

                    <ejb-name>AccountBean</ejb-name>
                    <method-name>*</method-name>

                    <trans-attribute>Required</trans-attribute>
                    </container-transaction>
                    <container-transaction>

                    <ejb-name>CustomerBean</ejb-name>
                    <method-name>*</method-name>

                    <trans-attribute>Required</trans-attribute>
                    </container-transaction>
                    <container-transaction>

                    <ejb-name>TxBean</ejb-name>
                    <method-name>*</method-name>

                    <trans-attribute>Required</trans-attribute>
                    </container-transaction>
                    </assembly-descriptor>

                    • 7. Re: EJB SecurityException on AccountBean EJB dukesbank
                      jaikiran

                       

                      I checked out the ejb-jar.xml. The method you are talking about seems to be unchecked


                      I dont see the ejb-jar.xml specifying unchecked for the ejb methods. You will have to explicitly specify it as follows:

                      <assembly-descriptor>
                      <security-role>
                      <role-name>bankCustomer</role-name>
                      </security-role>
                      <security-role>
                      <role-name>bankAdmin</role-name>
                      </security-role>
                      <method-permission>
                      
                       <unchecked/>
                       <method>
                       <ejb-name>AccountControllerBean</ejb-name>
                       <method-intf>Home</method-intf>
                       <method-name>remove</method-name>
                       <method-params>
                       <method-param>java.lang.Object</method-param>
                       </method-params>
                      
                       </method>
                      .....
                      
                      
                      </method-permission>
                      
                      .........


                      Please have a look at the ejb-jar.xml dtd for more details:

                      http://java.sun.com/dtd/ejb-jar_2_0.dtd



                      • 8. Re: EJB SecurityException on AccountBean EJB dukesbank
                        hieutrinh

                        I encountered the same error and after some searching on the web, I finally get it to work. There was an error in the jboss-build.xml where target name = “package-client�. It references to non-existent classes, the com/sun/ebank/ejb/customer/Account.class. Here is how you fix it:



















                        <!-- FIX
                        Remove these two statements and add the next four statements - no such Account.java and AccountHome.java


                        -->

                        <!-- FIX Add these four statements instead -->













                        • 9. Re: EJB SecurityException on AccountBean EJB dukesbank
                          hieutrinh

                          I encountered the same error and after some searching on the web, I finally get it to work. There was an error in the jboss-build.xml where target name = package-client. It references to non-existent classes, the com/sun/ebank/ejb/customer/Account.class. Here is how you fix it:

                          <target name="package-client" depends="compile">
                          <mkdir dir="jar" />
                          <copy todir="${build.dir}">
                           <fileset dir="${src.dir}">
                           <include name="**/appclient/*.properties"/>
                           </fileset>
                           <mapper type="flatten"/>
                          </copy>
                          <delete file="jar/app-client.jar"/>
                          
                          <jar jarfile="jar/app-client.jar">
                           <metainf dir="dd/client" includes="*.xml"/>
                           <fileset dir="${build.dir}">
                           <include name="com/sun/ebank/appclient/**"/>
                           <include name="com/sun/ebank/ejb/exception/**"/>
                           <include name="com/sun/ebank/util/**"/>
                          
                           <!-- FIX
                           Remove these two statements and add the next four statements - no such Account.java and AccountHome.java
                           <include name="com/sun/ebank/ejb/customer/Account.class"/>
                           <include name="com/sun/ebank/ejb/customer/AccountHome.class"/>
                           -->
                          
                           <!-- FIX Add these four statements instead -->
                           <include name="com/sun/ebank/ejb/customer/CustomerControllerHome.class"/>
                           <include name="com/sun/ebank/ejb/customer/CustomerController.class"/>
                           <include name="com/sun/ebank/ejb/account/AccountControllerHome.class"/>
                           <include name="com/sun/ebank/ejb/account/AccountController.class"/>
                          
                           </fileset>
                           <fileset dir="dd/client">
                           <include name="jndi.properties"/>
                           </fileset>
                           <fileset dir="${src.dir}/com/sun/ebank/">
                           <include name="appclient/*.properties"/>
                           </fileset>
                          </jar>
                          </target>