1 Reply Latest reply on Apr 4, 2002 8:57 AM by Matt Hollingsworth

    DatabaseServerLoginModule, principalRoles=null

    Matt Hollingsworth Newbie

      I'm running JBoss3.0.0beta, and using org.jboss.security.auth.spi.DatabaseServerLoginModule to perform authentication.

      I know authentication succeeds - commit() is called, and returns true. The login module also retrieves the correct roles from the database (I've subclassed DatabaseServerLoginModule and listed the roles to confirm this).

      However, when the client then tries to access a secured EJB, an exception is thrown. Extract from JBoss log:
      12:28:22,235 INFO [Default] mjhserver.security.LoginBean@15a3a1 setSessionContext()
      12:28:22,235 ERROR [SecurityInterceptor] Insufficient method permissions, principal=testuser, method=create, requiredRoles=[mjh], principalRoles=null

      ...ie it appears that the principal's roles have not been populated (although the principal itself is ok).


      From ejb-jar.xml
      <ejb-jar>
      <assembly-descriptor>
      ...
      <security-role>
      <role-name>mjh</role-name>
      </security-role>
      <method-permission>
      <role-name>mjh</role-name>

      <ejb-name>MJH.Login</ejb-name>
      <method-name>*</method-name>

      </method-permission>
      ...
      </assembly-descriptor>
      </ejb-jar>

      From jboss.xml:

      <security-domain>java:/jaas/mjh</security-domain>


      I'm at something of a loss - help anyone, please?