1 Reply Latest reply on Sep 19, 2002 5:44 AM by ppetit

    JBossUserRealm authenticates fine, but wrong propagation of

    ppetit Newbie

      I'm using JBoss-3.0.2 with Jetty and HSQL with JDK 1.4.0
      I have a web client authenticating fine using BASIC authentication.
      Propagation of the principal to others JSP pages and servlets is fine.
      The log indicates the right Principal (admin) and the right associated role (admin).
      My WAR and JAR files are packaged within the same EAR, so I can use local references.
      But when invoking a session bean I get a securityException caused by insufficient method permission. The error messages indicates no PrincipalRoles ! it should be "admin" as indicated in the line : [org.jboss.jetty.security.JBossUserRealm#HsqlDbRealm] JBossUserPrincipal: admin is in Role: admin

      here is part of the log :
      2002-09-19 07:56:32,396 DEBUG [org.jboss.jetty.security.JBossUserRealm#HsqlDbRealm] JBossUserPrincipal: admin
      2002-09-19 07:56:32,396 DEBUG [org.jboss.jetty.security.JBossUserRealm#HsqlDbRealm] authenticating: Name:admin Password:****
      2002-09-19 07:56:32,396 DEBUG [org.jboss.jetty.security.JBossUserRealm#HsqlDbRealm] authenticated: admin

      2002-09-19 07:56:32,396 DEBUG [org.jboss.jetty.security.JBossUserRealm#HsqlDbRealm] setting JAAS subjectAttributeName(j_subject) : null
      2002-09-19 07:56:32,396 DEBUG [org.jboss.jetty.security.JBossUserRealm#HsqlDbRealm] JBossUserPrincipal: admin is in Role: admin
      [fr.ppet.directory.web.servlets.GroupControllerServlet] Getting references on the Group Mgmt session Bean...
      2002-09-19 07:56:32,406 DEBUG [fr.ppet.EJButil.ReferenceManager] Got jndiContext javax.naming.InitialContext@8a178a
      2002-09-19 07:56:32,406 DEBUG [fr.ppet.EJButil.ReferenceManager] jndi lookup to local/GroupCollection succeed : local/GroupCollectionHome, classe : $Proxy268
      2002-09-19 07:56:32,406 DEBUG [fr.ppet.directory.web.servlets.GroupControllerServlet] Got Home : local/GroupCollectionHome
      2002-09-19 07:56:32,406 DEBUG [fr.ppet.directory.web.servlets.GroupControllerServlet] Principal : admin
      2002-09-19 07:56:32,406 TRACE [org.jboss.ejb.plugins.LogInterceptor] Start method=create
      2002-09-19 07:56:32,406 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Insufficient method permissions, principal=admin, method=create, interface=LOCALHOME, requiredRoles=[admin], principalRoles=null
      2002-09-19 07:56:32,406 ERROR [org.jboss.ejb.plugins.LogInterceptor] EJBException, causedBy:
      java.lang.SecurityException: Insufficient method permissions, principal=admin, method=create, interface=LOCALHOME, requiredRoles=[admin], principalRoles=null
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:228)
      at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)


      All xml conf file seems to be ok as the authentication with my DatabaseLoginModule works... why credentials are taken into account when navigating within web components and disappears within the EJB container context ?

      I have no idea how to resolve such a behaviour...
      Please help

      Philippe