1 Reply Latest reply on Dec 24, 2002 6:14 AM by Dhiraj

    SecurityAssociation problem in applet

    Bert Newbie

      Hi,

      I'm using JBoss 2.4.4 / Tomcat 4.0.1 bundle and try to access a secured EJB from an applet. Later, I will do a 'real' login, but for test purpose I created some objects which represent a user and propagate this information to the applet container:

      SimplePrincipal actPrincipal = new SimplePrincipal("testuser");
      String password = "1234";
      Principal actRole = new SimplePrincipal("user");

      SecurityAssociation.setPrincipal(actPrincipal);
      SecurityAssociation.setCredential(password.toCharArray());
      SecurityAssociation.pushRunAsRole(actRole);

      When I try to access the secured bean, I get the following error:

      java.lang.SecurityException: Insufficient method permissions, principal=
      testuser, method=create, requiredRoles=[admin, user], principalRoles=null

      A debug message shows me that SecurityAssociation.peekRunAsRole() is 'user' (the correct value). So, why is principalRoles null? I think, the values from SecurityAssociation should be used for any remote call? The setPrincipal() command seems to work, but pushRunAsRole() seems to fail.

      Thanks for any help
      Bert