4 Replies Latest reply on Jan 30, 2003 4:04 AM by Panagiotis Korros

    Environment with Logged and Non-Logged Users

    Ken Sipe Newbie

      I desire to have an ejb environment where I may have clients that do not log on, along with clients that do.

      If they log on, They have rights to their roles.

      if they don't log on, they have default rights.
      The unauthenticatedIdentity="nobody" doesn't seem to help me. I assume because I never invoke the LoginContext. The error message at the server for failure to login is:
      [ERROR,SecurityInterceptor] Insufficient method permissions, principal=null, method=create, requiredRoles=[nobody], principalRoles=[]

      So I guess the question is how can I set the clients principal without them logging in?

      Appreciate!

        • 1. Re: Environment with Logged and Non-Logged Users
          Luke Taylor Novice


          > So I guess the question is how can I set the clients principal without them logging in?

          That's what the unauthenticatedIdentity setting is for.

          What do your ejb settings and your server auth.conf look like?

          Luke.

          • 2. Re: Environment with Logged and Non-Logged Users
            Ken Sipe Newbie

            Here is the portion of auth.conf for the module:
            db {

            org.jboss.security.auth.spi.DatabaseServerLoginModule required
            dsJndiName="java:/BetterLIMSDS"
            principalsQuery="select password as passwd from dbuser where userid=?"
            rolesQuery="select GroupName as UserRoles, 'Roles' as Roles from group_user where userid=?"

            unauthenticatedIdentity="nobody"
            ;
            };

            Here's a portion of the ejb-jar for the security access:
            <assembly-descriptor>
            <security-role>
            <role-name>AuthorizedUser</role-name>
            </security-role>
            <security-role>
            <role-name>nobody</role-name>
            </security-role>
            <method-permission>
            Example of security with roles for the SecureHello
            <role-name>nobody</role-name>

            <ejb-name>Hello</ejb-name>
            <method-name>*</method-name>

            </method-permission>

            I guess a question I have at this point, does the unauthenticatedIdentity of "nobody" have to exist in the database with some roles defined? or is this a role that is automatically defined for those not logged on?

            I appreciate all your feedback luke.

            • 3. Re: Environment with Logged and Non-Logged Users
              Michael Wenig Newbie

              It seems that unauthenticatedIdentity provides a principal to use like a "normal" user.

              So either you mark the required methods as "unchecked" or you have to create some mapping from nobody to the roles you need.

              regards Michael

              • 4. Re: Environment with Logged and Non-Logged Users
                Panagiotis Korros Newbie

                I have the same problem. I have defined unathenticatedPrincipal (or even IdentityLoginModule) but i still get the following error:

                java.lang.RuntimeException: checkSecurityAssociation; CausedByException is:
                Authentication exception, principal=null

                from my ejbs.