Security exception for service endpoint
upankar May 31, 2005 4:35 PMHi,
I have deployed a JbossStyle web service using service end point. I want to secure this using JBossWS security context.
Below is what i configured in login-config.xml. I have users.properties and roles.properties in config folder
<application-policy name = "JBossWS">
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required">
<module-option name="usersProperties">users.properties</module-option>
<module-option name="rolesProperties">roles.properties</module-option>
<module-option name="unauthenticatedIdentity">nobody</module-option>
</login-module>
</application-policy>
My ejb-jar.xml is as below
<enterprise-beans>
<ejb-name>XXX</ejb-name>
<service-endpoint>EndPoint</service-endpoint>
<ejb-class>EndPointImpl</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
<security-role-ref>
<role-name>MySecurity</role-name>
</security-role-ref>
</enterprise-beans>
<assembly-descriptor>
<security-role>
<role-name>MySecurity</role-name>
</security-role>
<method-permission>
<role-name>MySecurity</role-name>
<ejb-name>XXX</ejb-name>
<method-name>*</method-name>
</method-permission>
</assembly-descriptor>
And my jboss.xml is as below
<security-domain>java:/jaas/JBossWS</security-domain>
<enterprise-beans>
<ejb-name>XXX</ejb-name>
<jndi-name>YYY</jndi-name>
</enterprise-beans>
The service deploys fine. But when I try to invoke it from client app by setting Call.USERNAME_PROPERTY and Call.PASSWORD_PROPERTY, it throws up a security exception as below. Am i missing something. I believe this is a server side configuration issue. Because the same client works fine when i use it to access other secured web services deployed in weblogic. Any help will be highly appreciated
01:47:28,214 ERROR [SecurityInterceptor] Insufficient method permissions, principal=null, method=test, interface=S
ERVICE_ENDPOINT, requiredRoles=[MySecurity], principalRoles=[]
01:47:28,224 ERROR [LogInterceptor] EJBException in method: public abstract int XXX.test() throws java.rmi.RemoteException, causedBy:
java.lang.SecurityException: Insufficient method permissions, principal=null, method=billUserNo, interface=SERVICE_ENDPO
INT, requiredRoles=[MySecurity], principalRoles=[]
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:219)
at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:118)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
at org.jboss.ejb.Container.invoke(Container.java:854)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:242)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
at org.jboss.webservice.server.InvokerProviderEJB.invokeServiceEndpoint(InvokerProviderEJB.java:128)
at org.jboss.webservice.server.InvokerProvider.invokeMethod(InvokerProvider.java:347)
at org.apache.axis.providers.java.RPCProvider.invokeTarget(RPCProvider.java:177)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:122)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:360)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:73)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:162)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:125)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:557)
at org.jboss.webservice.server.ServerEngine.invokeInternal(ServerEngine.java:202)
at org.jboss.webservice.server.ServerEngine.invoke(ServerEngine.java:91)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:971)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:372)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:44)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:169)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:536)
01:47:28,404 ERROR [ServerEngine] Server error: AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Client
faultSubcode:
faultString: MBeanException: null Cause: java.rmi.ServerException: EJBException:; nested exception is:
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Insufficient method permissions, principal=null, method=test, interface=SERVICE_ENDPOINT, requiredRoles=[MySecurity], principalRoles=[]
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace: MBeanException: null Cause: java.rmi.ServerException: EJBException:; ne
sted exception is:
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Insufficient method permissions, principal=null, method=test, interface=SERVICE_ENDPOINT, requiredRoles=[MySecurity], principalRoles=[]
at org.jboss.mx.interceptor.ReflectedDispatcher.handleInvocationExceptions(ReflectedDispatcher.java:166)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:149)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:242)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
at org.jboss.webservice.server.InvokerProviderEJB.invokeServiceEndpoint(InvokerProviderEJB.java:128)
at org.jboss.webservice.server.InvokerProvider.invokeMethod(InvokerProvider.java:347)
at org.apache.axis.providers.java.RPCProvider.invokeTarget(RPCProvider.java:177)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:122)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:360)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:73)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:162)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:125)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:557)
at org.jboss.webservice.server.ServerEngine.invokeInternal(ServerEngine.java:202)
at org.jboss.webservice.server.ServerEngine.invoke(ServerEngine.java:91)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:971)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:372)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:44)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:169)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)