Hello!
I am using jboss-3.0.0 with bundled Tomcat 4.0.3. I am also using Xdoclets.
I have a Java servlet which is a client to an EJB. I have configured Security, but I am having some problems with the communication between the servlet and the EJB. My servlet asks for username/password and validates it. Calling
"request.getUserPrincipal()" I get the right answer.
Whhen the servlet tries to access the EJB, I get the following error:
15:10:22,922 ERROR [SecurityInterceptor] No method permissions assigned to method=create
15:10:22,932 ERROR [STDERR] java.rmi.ServerException: checkSecurityAssociation;
nested exception is:
java.lang.SecurityException: No method permissions assigned to method=create;
My jboss-security.xml is the following:
<security-domain>java:/jaas/MyTEST</security-domain>
<assembly-descriptor>
<security-role>
<role-name>Manager</role-name>
</security-role>
<method-permission>
<ejb-name>test/MyTestSession</ejb-name>
<method-name>create</method-name>
</method-permission>
<method-permission>
<role-name>Manager</role-name>
<ejb-name>test/MyTestSession</ejb-name>
<method-name>*</method-name>
</method-permission>
</assembly-descriptor>
The file is in the right place (directory), because I get the security-domain working.
Isn't this file the right one to include "method-permission" declarations?
Can any one help me, please.
Thank you in advance,
Victor Batista