3 Replies Latest reply on Jun 18, 2005 11:15 PM by Thomas Diesler

    Security exception for service endpoint

    upankar das Newbie

      Hi,
      I have deployed a JbossStyle web service using service end point. I want to secure this using JBossWS security context.

      Below is what i configured in login-config.xml. I have users.properties and roles.properties in config folder

      <application-policy name = "JBossWS">

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required">
      <module-option name="usersProperties">users.properties</module-option>
      <module-option name="rolesProperties">roles.properties</module-option>
      <module-option name="unauthenticatedIdentity">nobody</module-option>
      </login-module>

      </application-policy>

      My ejb-jar.xml is as below

      <enterprise-beans>

      <ejb-name>XXX</ejb-name>
      <service-endpoint>EndPoint</service-endpoint>
      <ejb-class>EndPointImpl</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <security-role-ref>
      <role-name>MySecurity</role-name>
      </security-role-ref>

      </enterprise-beans>

      <assembly-descriptor>
      <security-role>
      <role-name>MySecurity</role-name>
      </security-role>
      <method-permission>
      <role-name>MySecurity</role-name>

      <ejb-name>XXX</ejb-name>
      <method-name>*</method-name>

      </method-permission>
      </assembly-descriptor>

      And my jboss.xml is as below


      <security-domain>java:/jaas/JBossWS</security-domain>
      <enterprise-beans>

      <ejb-name>XXX</ejb-name>
      <jndi-name>YYY</jndi-name>

      </enterprise-beans>


      The service deploys fine. But when I try to invoke it from client app by setting Call.USERNAME_PROPERTY and Call.PASSWORD_PROPERTY, it throws up a security exception as below. Am i missing something. I believe this is a server side configuration issue. Because the same client works fine when i use it to access other secured web services deployed in weblogic. Any help will be highly appreciated

      01:47:28,214 ERROR [SecurityInterceptor] Insufficient method permissions, principal=null, method=test, interface=S
      ERVICE_ENDPOINT, requiredRoles=[MySecurity], principalRoles=[]
      01:47:28,224 ERROR [LogInterceptor] EJBException in method: public abstract int XXX.test() throws java.rmi.RemoteException, causedBy:
      java.lang.SecurityException: Insufficient method permissions, principal=null, method=billUserNo, interface=SERVICE_ENDPO
      INT, requiredRoles=[MySecurity], principalRoles=[]
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:219)
      at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:118)
      at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)
      at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
      at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
      at org.jboss.ejb.Container.invoke(Container.java:854)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
      at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
      at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
      at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:242)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
      at org.jboss.webservice.server.InvokerProviderEJB.invokeServiceEndpoint(InvokerProviderEJB.java:128)
      at org.jboss.webservice.server.InvokerProvider.invokeMethod(InvokerProvider.java:347)
      at org.apache.axis.providers.java.RPCProvider.invokeTarget(RPCProvider.java:177)
      at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:122)
      at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:360)
      at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:73)
      at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:162)
      at org.apache.axis.SimpleChain.invoke(SimpleChain.java:125)
      at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:557)
      at org.jboss.webservice.server.ServerEngine.invokeInternal(ServerEngine.java:202)
      at org.jboss.webservice.server.ServerEngine.invoke(ServerEngine.java:91)
      at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:971)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
      at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:372)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
      at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:44)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:169)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
      at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
      at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
      at java.lang.Thread.run(Thread.java:536)
      01:47:28,404 ERROR [ServerEngine] Server error: AxisFault
      faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Client
      faultSubcode:
      faultString: MBeanException: null Cause: java.rmi.ServerException: EJBException:; nested exception is:
      javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
      Insufficient method permissions, principal=null, method=test, interface=SERVICE_ENDPOINT, requiredRoles=[MySecurity], principalRoles=[]
      faultActor:
      faultNode:
      faultDetail:
      {http://xml.apache.org/axis/}stackTrace: MBeanException: null Cause: java.rmi.ServerException: EJBException:; ne
      sted exception is:
      javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
      Insufficient method permissions, principal=null, method=test, interface=SERVICE_ENDPOINT, requiredRoles=[MySecurity], principalRoles=[]
      at org.jboss.mx.interceptor.ReflectedDispatcher.handleInvocationExceptions(ReflectedDispatcher.java:166)
      at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:149)
      at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
      at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
      at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:242)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
      at org.jboss.webservice.server.InvokerProviderEJB.invokeServiceEndpoint(InvokerProviderEJB.java:128)
      at org.jboss.webservice.server.InvokerProvider.invokeMethod(InvokerProvider.java:347)
      at org.apache.axis.providers.java.RPCProvider.invokeTarget(RPCProvider.java:177)
      at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:122)
      at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:360)
      at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:73)
      at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:162)
      at org.apache.axis.SimpleChain.invoke(SimpleChain.java:125)
      at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:557)
      at org.jboss.webservice.server.ServerEngine.invokeInternal(ServerEngine.java:202)
      at org.jboss.webservice.server.ServerEngine.invoke(ServerEngine.java:91)
      at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:971)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
      at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:372)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
      at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:44)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:169)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)