1 Reply Latest reply on Feb 3, 2002 1:22 PM by Roman

    Security exception problem when calling stateful EJB

    Michael Collins Newbie

      I have a stateful session bean that I am calling from Struts actions. I am running JBoss 2.4.3 with Tomcat 3.2.3. My stateful session bean is the primary interface to the EJB layer and provides multiple methods that are called from the Struts action. All methods except one are working. When I call the one that is causing the problem, I am receiving the following security exception:

      javax.servlet.ServletException: checkSecurityAssociation; nested exception is:
      java.lang.SecurityException: Insufficient method permissions, principal=null, method=searchIcdCodes, requiredRoles=[Guest User, Basic User, Expert User], principalRoles=[]; nested exception is:
      java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
      java.lang.SecurityException: Insufficient method permissions, principal=null, method=searchIcdCodes, requiredRoles=[Guest User, Basic User, Expert User], principalRoles=[]
      at com.flashcode.flashcode.web.SimpleSearchAction.perform(SimpleSearchAction.java:80)
      at org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.java:1786)
      at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1585)
      at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:509)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
      at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:405)
      at org.apache.tomcat.core.Handler.service(Handler.java:287)
      at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
      at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:812)
      at org.apache.tomcat.core.ContextManager.service(ContextManager.java:758)
      at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:213)
      at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
      at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
      at java.lang.Thread.run(Thread.java:484)

      Root cause:
      javax.transaction.TransactionRolledbackException: checkSecurityAssociation; nested exception is:
      java.lang.SecurityException: Insufficient method permissions, principal=null, method=searchIcdCodes, requiredRoles=[Guest User, Basic User, Expert User], principalRoles=[]; nested exception is:
      java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
      java.lang.SecurityException: Insufficient method permissions, principal=null, method=searchIcdCodes, requiredRoles=[Guest User, Basic User, Expert User], principalRoles=[]
      java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
      java.lang.SecurityException: Insufficient method permissions, principal=null, method=searchIcdCodes, requiredRoles=[Guest User, Basic User, Expert User], principalRoles=[]
      java.lang.SecurityException: Insufficient method permissions, principal=null, method=searchIcdCodes, requiredRoles=[Guest User, Basic User, Expert User], principalRoles=[]
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:216)
      at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:117)
      at org.jboss.ejb.plugins.StatefulSessionInstanceInterceptor.invoke(StatefulSessionInstanceInterceptor.java:243)
      at org.jboss.ejb.plugins.TxInterceptorCMT.invokeNext(TxInterceptorCMT.java:133)
      at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:307)
      at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:99)
      at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:195)
      at org.jboss.ejb.StatefulSessionContainer.invoke(StatefulSessionContainer.java:341)
      at org.jboss.ejb.plugins.jrmp.server.JRMPContainerInvoker.invoke(JRMPContainerInvoker.java:489)
      at org.jboss.ejb.plugins.jrmp.interfaces.GenericProxy.invokeContainer(GenericProxy.java:335)
      at org.jboss.ejb.plugins.jrmp.interfaces.StatefulSessionProxy.invoke(StatefulSessionProxy.java:136)
      at $Proxy17.searchIcdCodes(Unknown Source)
      at com.flashcode.flashcode.web.SimpleSearchAction.perform(SimpleSearchAction.java:71)
      at org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.java:1786)
      at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1585)
      at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:509)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
      at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:405)
      at org.apache.tomcat.core.Handler.service(Handler.java:287)
      at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
      at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:812)
      at org.apache.tomcat.core.ContextManager.service(ContextManager.java:758)
      at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:213)
      at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
      at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
      at java.lang.Thread.run(Thread.java:484)

      All of the methods exposed by the stateful EJB have the same security setup. In the Struts action that is called right before I perform the action that causes the above exception, the call is working and I know that the logged-in user account has the correct access permissions.

      I am bouncing my head against a wall on this. Can anyone help me figure out what to do?

      Thanks,

      Michael
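
A log-triage example for the denial message in the trace above, added here and not part of the original post or of JBoss: it collapses the nested-exception repeats into one finding and separates a call that reached the container with `principal=null` from one whose principal lacks a required role. The classification labels, the function names and the `jdoe` sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# Message layout as it appears in the SecurityInterceptor lines of the trace above.
DENIAL = re.compile(
    r"Insufficient method permissions, principal=(?P<principal>[^,]+), "
    r"method=(?P<method>\w+), requiredRoles=\[(?P<required>[^\]]*)\], "
    r"principalRoles=\[(?P<held>[^\]]*)\]"
)

# First two lines are taken from the post; the third (principal=jdoe) is constructed.
SAMPLE = """\
java.lang.SecurityException: Insufficient method permissions, principal=null, method=searchIcdCodes, requiredRoles=[Guest User, Basic User, Expert User], principalRoles=[]; nested exception is:
java.lang.SecurityException: Insufficient method permissions, principal=null, method=searchIcdCodes, requiredRoles=[Guest User, Basic User, Expert User], principalRoles=[]
java.lang.SecurityException: Insufficient method permissions, principal=jdoe, method=searchIcdCodes, requiredRoles=[Expert User], principalRoles=[Guest User]
"""

def _roles(text):
    """Split a bracketed role list such as 'Guest User, Basic User' into a set."""
    return {r.strip() for r in text.split(",") if r.strip()}

def classify(principal, required, held):
    """Label why the method-permission check failed (labels are assumptions)."""
    if principal == "null":
        return "unauthenticated-call"   # caller identity was null at check time
    if not held:
        return "no-roles-resolved"      # identity present, but no roles came back for it
    if not (required & held):
        return "role-mismatch"          # roles present, none of them is a required one
    return "inconsistent"               # denied despite a matching role name

def triage(log_text):
    """Count denials per (principal, method, reason), merging nested repeats."""
    findings = Counter()
    for m in DENIAL.finditer(log_text):
        reason = classify(m["principal"], _roles(m["required"]), _roles(m["held"]))
        findings[(m["principal"], m["method"], reason)] += 1
    return findings

if __name__ == "__main__":
    for (principal, method, reason), count in triage(SAMPLE).items():
        print(f"{reason}: principal={principal} method={method} occurrences={count}")
```
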