I'm using JBoss 2.4.4 / Tomcat 4.0.1 bundle and try to access a secured EJB from an applet. Later, I will do a 'real' login, but for test purpose I created some objects which represent a user and propagate this information to the applet container:
SimplePrincipal actPrincipal = new SimplePrincipal("testuser");
String password = "1234";
Principal actRole = new SimplePrincipal("user");
When I try to access the secured bean, I get the following error:
java.lang.SecurityException: Insufficient method permissions, principal=
testuser, method=create, requiredRoles=[admin, user], principalRoles=null
A debug message shows me that SecurityAssociation.peekRunAsRole() is 'user' (the correct value). So, why is principalRoles null? I think, the values from SecurityAssociation should be used for any remote call? The setPrincipal() command seems to work, but pushRunAsRole() seems to fail.
Thanks for any help
I am also facing the same problem regarding applets. Were you able to find a fix for that? If so cud u please post the solution to the above problem.