1 Reply Latest reply on Sep 19, 2002 5:44 AM by ppetit

    JBossUserRealm authenticates fine, but wrong propagation of

    ppetit

      I'm using JBoss-3.0.2 with Jetty and HSQL with JDK 1.4.0
      I have a web client authenticating fine using BASIC authentication.
      Propagation of the principal to other JSP pages and servlets is fine.
      The log indicates the right Principal (admin) and the right associated role (admin).
      My WAR and JAR files are packaged within the same EAR, so I can use local references.
      But when invoking a session bean I get a SecurityException caused by insufficient method permissions. The error message indicates no principalRoles! It should be "admin", as indicated in the line: [org.jboss.jetty.security.JBossUserRealm#HsqlDbRealm] JBossUserPrincipal: admin is in Role: admin

      Here is part of the log:
      2002-09-19 07:56:32,396 DEBUG [org.jboss.jetty.security.JBossUserRealm#HsqlDbRealm] JBossUserPrincipal: admin
      2002-09-19 07:56:32,396 DEBUG [org.jboss.jetty.security.JBossUserRealm#HsqlDbRealm] authenticating: Name:admin Password:****
      2002-09-19 07:56:32,396 DEBUG [org.jboss.jetty.security.JBossUserRealm#HsqlDbRealm] authenticated: admin

      2002-09-19 07:56:32,396 DEBUG [org.jboss.jetty.security.JBossUserRealm#HsqlDbRealm] setting JAAS subjectAttributeName(j_subject) : null
      2002-09-19 07:56:32,396 DEBUG [org.jboss.jetty.security.JBossUserRealm#HsqlDbRealm] JBossUserPrincipal: admin is in Role: admin
      [fr.ppet.directory.web.servlets.GroupControllerServlet] Getting references on the Group Mgmt session Bean...
      2002-09-19 07:56:32,406 DEBUG [fr.ppet.EJButil.ReferenceManager] Got jndiContext javax.naming.InitialContext@8a178a
      2002-09-19 07:56:32,406 DEBUG [fr.ppet.EJButil.ReferenceManager] jndi lookup to local/GroupCollection succeed : local/GroupCollectionHome, classe : $Proxy268
      2002-09-19 07:56:32,406 DEBUG [fr.ppet.directory.web.servlets.GroupControllerServlet] Got Home : local/GroupCollectionHome
      2002-09-19 07:56:32,406 DEBUG [fr.ppet.directory.web.servlets.GroupControllerServlet] Principal : admin
      2002-09-19 07:56:32,406 TRACE [org.jboss.ejb.plugins.LogInterceptor] Start method=create
      2002-09-19 07:56:32,406 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Insufficient method permissions, principal=admin, method=create, interface=LOCALHOME, requiredRoles=[admin], principalRoles=null
      2002-09-19 07:56:32,406 ERROR [org.jboss.ejb.plugins.LogInterceptor] EJBException, causedBy:
      java.lang.SecurityException: Insufficient method permissions, principal=admin, method=create, interface=LOCALHOME, requiredRoles=[admin], principalRoles=null
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:228)
      at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)


      All the XML conf files seem to be OK, as the authentication with my DatabaseLoginModule works... Why are credentials taken into account when navigating within web components, yet disappear within the EJB container context?

      I have no idea how to resolve such a behaviour...
      Please help

      Philippe
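
The symptom in the post above (the web tier logs the role, while the EJB SecurityInterceptor reports principalRoles=null) can be picked out of a server log mechanically. This is an added example, not part of the original post or of JBoss; the function name, the constructed "bob" log line and the bracketed form of a non-null principalRoles value are assumptions.

```python
import re

# Web tier: JBossUserRealm reports a role the principal holds.
WEB_ROLE = re.compile(
    r"\[org\.jboss\.jetty\.security\.JBossUserRealm#(?P<realm>[^\]]+)\] "
    r"JBossUserPrincipal: (?P<user>\S+) is in Role: (?P<role>\S+)")
# EJB tier: SecurityInterceptor rejects a call and prints the roles it saw.
EJB_DENY = re.compile(
    r"ERROR \[org\.jboss\.ejb\.plugins\.SecurityInterceptor\] Insufficient method "
    r"permissions, principal=(?P<user>[^,]+), method=(?P<method>[^,]+), "
    r"interface=(?P<iface>[^,]+), requiredRoles=\[(?P<required>[^\]]*)\], "
    r"principalRoles=(?P<held>null|\[[^\]]*\])")

def find_role_propagation_gaps(lines):
    """Return EJB denials where the web tier had already granted a required role."""
    web_roles = {}  # user -> roles the web tier logged for that user
    gaps = []
    for line in lines:
        m = WEB_ROLE.search(line)
        if m:
            web_roles.setdefault(m["user"], set()).add(m["role"])
            continue
        m = EJB_DENY.search(line)
        if not m:
            continue  # stack-trace copies of the message lack the ERROR prefix
        required = {r.strip() for r in m["required"].split(",") if r.strip()}
        held = set() if m["held"] == "null" else {
            r.strip() for r in m["held"].strip("[]").split(",") if r.strip()}
        lost = (required & web_roles.get(m["user"], set())) - held
        if lost:  # granted in the web tier, not visible in the EJB tier
            gaps.append({"user": m["user"], "method": m["method"],
                         "interface": m["iface"], "lost_roles": sorted(lost),
                         "ejb_roles_null": m["held"] == "null"})
    return gaps

# Sample input: three lines copied from the post, plus one constructed denial
# (user "bob", assumed principalRoles format) that is an ordinary refusal.
SAMPLE_LOG = """\
2002-09-19 07:56:32,396 DEBUG [org.jboss.jetty.security.JBossUserRealm#HsqlDbRealm] JBossUserPrincipal: admin is in Role: admin
2002-09-19 07:56:32,406 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Insufficient method permissions, principal=admin, method=create, interface=LOCALHOME, requiredRoles=[admin], principalRoles=null
java.lang.SecurityException: Insufficient method permissions, principal=admin, method=create, interface=LOCALHOME, requiredRoles=[admin], principalRoles=null
2002-09-19 07:57:01,120 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Insufficient method permissions, principal=bob, method=create, interface=LOCALHOME, requiredRoles=[admin], principalRoles=[user]
""".splitlines()

if __name__ == "__main__":
    for gap in find_role_propagation_gaps(SAMPLE_LOG):
        print(gap)
```

Only the admin denial is reported: the role was logged by the realm but is absent at the EJB check, whereas the constructed "bob" denial is a normal authorization failure.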