0 Replies Latest reply on Sep 8, 2002 11:16 AM by Victor Batista

    <method-permission> +xdoclet

    Victor Batista Newbie

      Hello!
      I am using jboss-3.0.0 with bundled Tomcat 4.0.3. I am also using Xdoclets.
      I have a Java servlet which is a client to an EJB. I have configured Security, but I am having some problems with the communication between the servlet and the EJB. My servlet asks for username/password and validates it. Calling
      "request.getUserPrincipal()" I get the right answer.

      Whhen the servlet tries to access the EJB, I get the following error:
      15:10:22,922 ERROR [SecurityInterceptor] No method permissions assigned to method=create
      15:10:22,932 ERROR [STDERR] java.rmi.ServerException: checkSecurityAssociation;
      nested exception is:
      java.lang.SecurityException: No method permissions assigned to method=create;


      My jboss-security.xml is the following:

      <security-domain>java:/jaas/MyTEST</security-domain>
      <assembly-descriptor>
      <security-role>
      <role-name>Manager</role-name>
      </security-role>

      <method-permission>


      <ejb-name>test/MyTestSession</ejb-name>
      <method-name>create</method-name>

      </method-permission>

      <method-permission>
      <role-name>Manager</role-name>

      <ejb-name>test/MyTestSession</ejb-name>
      <method-name>*</method-name>

      </method-permission>
      </assembly-descriptor>


      The file is in the right place (directory), because I get the security-domain working.
      Isn't this file the right one to include "method-permission" declarations?

      Can any one help me, please.

      Thank you in advance,
      Victor Batista