1 Reply Latest reply on Aug 26, 2002 2:07 PM by Michael Wenig

    account-manager: create new accounts and method permissions

    Michael Wenig Newbie


      I'm writing an account-manager app where users can register themselves so that they can authenticate themselves later with the information entered.

      So I have a SessionBean (SUserBean) with two methods ("getNewUser" "storeNewUser") which everyone (especially unathenticated users) are allowed to call.
      In addition I have a method "getUser" which returns the actual users data (to edit the own user profile).

      So I placed method-permissions on the methods-to-secure, entered a name for "unauthenticated-principal" in jboss.xml and assigned method-permissions for this user to the two unsecure-methods.

      But this doen't work - all I get are SecurityPermissions (principal=null) at the point where I create a new bean

      (look dtds below)
      I think there is a mapping mising between the user "NOBODY" and the role "UNATHENTICATED" but I didn't found anything where I can specifiy this. I also tried to use the same name but that didn't work, too.

      Can anyone help me???

      Thanks Michael

      Here are my DDs: (compressed to security-relevant parts)