1 Reply Latest reply on Mar 9, 2010 7:39 AM by Wolfgang Knauf

    JAAS Implementation with JBOSS

    mhwish moona Newbie

      I have made a Simple Login Applicat

      ion, thats implemnent JAAS.
      My Applicaiton Authenticate the User Successullly, but not authorize.
      I am using MySQL (Database)
      Server: JBOSS 4.0
      I have made Two Tables:
      1: Login (with column username ,password)
      DATA----------->                                     ali                         123
      2:Userrole(with column username ,role, roleGroup)
      DATA----------->                                        ali                   user        Admin
      Authentication Successful:

      2:54:47,828 INFO  [STDOUT] Here Our Subject is =Subject:
      Principal: ali
      Principal: Admin(members:user)
      2:54:47,828 INFO  [STDOUT] Principal= ali,org.jboss.security.SimplePrincipal
      2:54:47,828 INFO  [STDOUT] Principal= Admin(members:user),org.jboss.security.SimleGroup
      2:54:47,828 INFO  [STDOUT] ....Authentication Succeeded.....

       

      But Problem is here:


      An Exception occurs:

      2:54:48,359 ERROR [RoleBasedAuthorizationInterceptor] Insufficient permissions, principal=null, requiredRoles=[user], principalRoles=[ ]
      2:54:48,359 INFO  [STDOUT] Authorization failure

      2:54:48,359 ERROR [STDERR] javax.ejb.EJBAccessException: Authorization failure
      2:54:48,359 ERROR [STDERR]     at org.jboss.ejb3.security.RoleBasedAuthorizatio
      Interceptor.invoke(RoleBasedAuthorizationInterceptor.java:104)
      2:54:48,359 ERROR [STDERR]     at org.jboss.aop.joinpoint.MethodInvocation.invoeNext(MethodInvocation.java:101)

      Why I am getting this error while In Authentication "lc.login()" found the principal ali but when I am going to authorize "ali" then principal found =null.....

      In My LoginSessionBean I have made method "hello()" Such as:

      @Resource SessionContext ctx;
      @RolesAllowed ({"user"} )
      public void hello() {
      System.out.println(".............With in hello() method..................");
      System.out.println(ctx.getCallerPrincipal().getName());   
      System.out.println(".............Role are going to verify authorize users..................");
      if(ctx.isCallerInRole("user")) {
      System.out.println("hello Ali you r authorize to access:");
      }else if(ctx.isCallerInRole("supervisor")) {
      System.out.println("hello you r authorize to access");
      }else {
      System.out.println("UNAUTHORISED ");
      }
      }