3 Replies Latest reply on Jun 18, 2005 11:15 PM by thomas.diesler

Security exception for service endpoint

upankar May 31, 2005 4:35 PM

Hi,
I have deployed a JbossStyle web service using service end point. I want to secure this using JBossWS security context.

Below is what i configured in login-config.xml. I have users.properties and roles.properties in config folder

<application-policy name = "JBossWS">

<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required">
<module-option name="usersProperties">users.properties</module-option>
<module-option name="rolesProperties">roles.properties</module-option>
<module-option name="unauthenticatedIdentity">nobody</module-option>
</login-module>

</application-policy>

My ejb-jar.xml is as below

<enterprise-beans>

<ejb-name>XXX</ejb-name>
<service-endpoint>EndPoint</service-endpoint>
<ejb-class>EndPointImpl</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
<security-role-ref>
<role-name>MySecurity</role-name>
</security-role-ref>

</enterprise-beans>

<assembly-descriptor>
<security-role>
<role-name>MySecurity</role-name>
</security-role>
<method-permission>
<role-name>MySecurity</role-name>

<ejb-name>XXX</ejb-name>
<method-name>*</method-name>

</method-permission>
</assembly-descriptor>

And my jboss.xml is as below

<security-domain>java:/jaas/JBossWS</security-domain>
<enterprise-beans>

<ejb-name>XXX</ejb-name>
<jndi-name>YYY</jndi-name>

</enterprise-beans>

The service deploys fine. But when I try to invoke it from client app by setting Call.USERNAME_PROPERTY and Call.PASSWORD_PROPERTY, it throws up a security exception as below. Am i missing something. I believe this is a server side configuration issue. Because the same client works fine when i use it to access other secured web services deployed in weblogic. Any help will be highly appreciated

01:47:28,214 ERROR [SecurityInterceptor] Insufficient method permissions, principal=null, method=test, interface=S
ERVICE_ENDPOINT, requiredRoles=[MySecurity], principalRoles=[]
01:47:28,224 ERROR [LogInterceptor] EJBException in method: public abstract int XXX.test() throws java.rmi.RemoteException, causedBy:
java.lang.SecurityException: Insufficient method permissions, principal=null, method=billUserNo, interface=SERVICE_ENDPO
INT, requiredRoles=[MySecurity], principalRoles=[]
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:219)
at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:118)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
at org.jboss.ejb.Container.invoke(Container.java:854)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:242)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
at org.jboss.webservice.server.InvokerProviderEJB.invokeServiceEndpoint(InvokerProviderEJB.java:128)
at org.jboss.webservice.server.InvokerProvider.invokeMethod(InvokerProvider.java:347)
at org.apache.axis.providers.java.RPCProvider.invokeTarget(RPCProvider.java:177)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:122)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:360)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:73)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:162)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:125)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:557)
at org.jboss.webservice.server.ServerEngine.invokeInternal(ServerEngine.java:202)
at org.jboss.webservice.server.ServerEngine.invoke(ServerEngine.java:91)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:971)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:372)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:44)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:169)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:536)
01:47:28,404 ERROR [ServerEngine] Server error: AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Client
faultSubcode:
faultString: MBeanException: null Cause: java.rmi.ServerException: EJBException:; nested exception is:
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Insufficient method permissions, principal=null, method=test, interface=SERVICE_ENDPOINT, requiredRoles=[MySecurity], principalRoles=[]
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace: MBeanException: null Cause: java.rmi.ServerException: EJBException:; ne
sted exception is:
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Insufficient method permissions, principal=null, method=test, interface=SERVICE_ENDPOINT, requiredRoles=[MySecurity], principalRoles=[]
at org.jboss.mx.interceptor.ReflectedDispatcher.handleInvocationExceptions(ReflectedDispatcher.java:166)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:149)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:242)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
at org.jboss.webservice.server.InvokerProviderEJB.invokeServiceEndpoint(InvokerProviderEJB.java:128)
at org.jboss.webservice.server.InvokerProvider.invokeMethod(InvokerProvider.java:347)
at org.apache.axis.providers.java.RPCProvider.invokeTarget(RPCProvider.java:177)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:122)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:360)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:73)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:162)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:125)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:557)
at org.jboss.webservice.server.ServerEngine.invokeInternal(ServerEngine.java:202)
at org.jboss.webservice.server.ServerEngine.invoke(ServerEngine.java:91)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:971)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:372)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:44)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:169)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

1. Re: Security exception for service endpoint

thomas.diesler Jun 15, 2005 4:22 AM (in response to upankar)

Is your security configured correctly in ejb-jax.xml?

java.lang.SecurityException: Insufficient method permissions, principal=null, method=billUserNo, interface=SERVICE_ENDPO
INT, requiredRoles=[MySecurity], principalRoles=[]
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:219)

2. Re: Security exception for service endpoint

upankar Jun 16, 2005 3:44 PM (in response to upankar)

Thomas,
Thanks for ur response. It is working now.. there was something wrong in setting.
Anyway, would like to know does jboss end point WS support transactions ? How can I achieve that if my want my web service clients to be able to initiate a transaction ?

Rgds,
Upankar
Actions
3. Re: Security exception for service endpoint

thomas.diesler Jun 18, 2005 11:15 PM (in response to upankar)

What you are probably looking for is support for WS-Transaction. You can vote on it here

http://jira.jboss.org/jira/browse/JBWS-36
Actions

Go to original post