3 Replies Latest reply on Feb 7, 2012 10:40 PM by Linh Pham

    Test Secure EJB with Arquillian

    Linh Pham Newbie

      Hi All,

       

      I am using JBoss 6.1 and I got a secure EJB having methods annotated with @RolesAllowed("Admin"). I am trying to test this method with Arquillian.

       

      I have done the EJB log in successfully in the @Before of the test, however, it failed to invoke the method. From the TRACE log, I can see that the principal and roles are correct (in this case, 'myuser' and 'Admin'), but the secure EJB's method info is wrong (requiredRoles are empty).

       

          TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]

          TRACE [org.jboss.security.authorization.modules.ejb.EJBPolicyModuleDelegate] method=public au.com.domain.DTOObject au.com.ejb.SecureServiceBean.save(au.com.domain.DTOObject), interface=Local, requiredRoles=Roles()

          TRACE [org.jboss.security.authorization.modules.ejb.EJBPolicyModuleDelegate] Exception:Insufficient method permissions, principal=myuser, ejbName=SecureServiceBean, method=save, interface=Local, requiredRoles=Roles(), principalRoles=Roles(Admin,)

       

      I was able to successfully invoke a method in the same EJB with @PermitAll.

       

      I have looked for Arquillian documentation around secure EJB, but couldn't find any.

       

      Many thanks for your help.

       

      -- Linh