1 Reply Latest reply on Jan 30, 2002 10:16 PM by zzz

    Insufficient method permission Error

    Ed Brown Newbie


      I'm getting Insufficient method permission error when I try to use security in JBoss.




      java.lang.SecurityException: Insufficient method permissions, principal=null, method=create, requiredRoles=[All, Carrier], principalRoles=null; nested exception is:
      java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
      java.lang.SecurityException: Insufficient method permissions, principal=null, method=create, requiredRoles=[All, Carrier], principalRoles=null
      java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
      java.lang.SecurityException: Insufficient method permissions, principal=null, method=create, requiredRoles=[All, Carrier], principalRoles=null
      java.lang.SecurityException: Insufficient method permissions, principal=null, method=create, requiredRoles=[All, Carrier], principalRoles=null
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:215)
      at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:91)
      at org.jboss.ejb.plugins.StatefulSessionInstanceInterceptor.invokeHome(StatefulSessionInstanceInterceptor.java:119)
      at org.jboss.ejb.plugins.TxInterceptorCMT.invokeNext(TxInterceptorCMT.java:142)
      at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:347)
      at org.jboss.ejb.plugins.TxInterceptorCMT.invokeHome(TxInterceptorCMT.java:86)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:103)
      at org.jboss.ejb.StatefulSessionContainer.invokeHome(StatefulSessionContainer.java:324)
      at org.jboss.ejb.plugins.jrmp.server.JRMPContainerInvoker.invokeHome(JRMPContainerInvoker.java:387)
      at org.jboss.ejb.plugins.jrmp.server.JRMPContainerInvoker.invokeHome(JRMPContainerInvoker.java:443)
      at org.jboss.ejb.plugins.jrmp.interfaces.HomeProxy.invokeHome(HomeProxy.java:237)
      at org.jboss.ejb.plugins.jrmp.interfaces.HomeProxy.invoke(HomeProxy.java:182)
      at $Proxy41.create(Unknown Source)
      at sectest.LoginServlet.doGet(LoginServlet.java:83)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)

      -------------

      My ejb-jar.xml

      <ejb-jar>
      <enterprise-beans>

      <ejb-name>Login</ejb-name>
      sectest.LoginHome
      sectest.Login
      <ejb-class>sectest.LoginBean</ejb-class>
      <session-type>Stateful</session-type>
      <transaction-type>Container</transaction-type>
      <security-role-ref>
      <role-name>edwin</role-name>
      <role-link>Carrier</role-link>
      </security-role-ref>
      <security-role-ref>
      <role-name>Carrier</role-name>
      <role-link>Carrier</role-link>
      </security-role-ref>

      </enterprise-beans>
      <assembly-descriptor>
      <security-role>
      <role-name>Carrier</role-name>
      </security-role>
      <security-role>
      <role-name>All</role-name>
      </security-role>
      <method-permission>
      <role-name>Carrier</role-name>
      <role-name>All</role-name>

      Method permissions for I don't know what.
      <ejb-name>Login</ejb-name>
      <method-name>create</method-name>
      <method-params>
      <method-param>java.lang.String</method-param>
      <method-param>java.lang.String</method-param>
      </method-params>

      </method-permission>
      <method-permission>
      <role-name>Carrier</role-name>

      <ejb-name>Login</ejb-name>
      <method-name>create</method-name>
      <method-params />

      </method-permission>
      <method-permission>
      <role-name>Carrier</role-name>

      <ejb-name>Login</ejb-name>
      <method-name>validate</method-name>
      <method-params />

      </method-permission>
      <container-transaction>

      <ejb-name>Login</ejb-name>
      <method-name>*</method-name>

      <trans-attribute>Required</trans-attribute>
      </container-transaction>
      </assembly-descriptor>
      </ejb-jar>


      --------

      All help is very much appreciated.