1 Reply Latest reply on Oct 9, 2002 8:37 PM by Liam Magee

    Insufficient method permissions....principalRoles=null

    O Newbie

      Hello,

      I am using JBoss 2.4.4 with Tomcat.
      I am getting the following error, and I can't figure out how to solve it:

      Insufficient method permissions, principal=foo, method=create, requiredRoles=[guest], principalRoles=null
      [ERROR,Default] Embedded exception:
      [ERROR,Default] java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
      java.lang.SecurityException: Insufficient method permissions, principal=foo, method=create, requiredRoles=[guest], principalRoles=null
      [ERROR,Default] java.lang.SecurityException: Insufficient method permissions, principal=foo, method=create, requiredRoles=[guest], principalRoles=null


      My app's secure-domain is set to java:/jaas/ServerAuth (in jboss.xml and ejb-jar.xml)

      In ejb-jar.xml I have:
      ....
      <method-permission>
      <role-name>guest</role-name>


      <ejb-name>CommandShell</ejb-name>
      <method-name>*</method-name>

      ....
      </method-permission>

      In conf/default/auth.conf I have:

      ServerAuth {
      org.jboss.security.auth.spi.SimpleServerLoginModule required;
      }

      In client/auth.conf I have:

      ClientAuth {
      org.....ClientLoginModule required;
      }

      My EJB client is doing something like this:

      MyCBH cbHandler = new MyCBH("foo", "foo".toCharArray());
      LoginContext lc = new LoginContext("ClientAuth", cbHandler);
      lc.login();
      ...
      ...
      MyBeanHome home = (MyBeanHome) PortableRemoteObject.narrow(ref, MyBean.class);
      ////// THIS CALL CAUSES THAT EXCEPTION ///////
      _bean = home.create();


      Does anyone know why I would be getting that error from the top of this post?
      I am trying to use the SimpleServerLoginModule, after all!

      Any help would be appreciated, I've been stuck on this for quite a while :(

      Thanks,
      O

        • 1. Re: Insufficient method permissions....principalRoles=null
          Liam Magee Newbie

          Your EJB client is the problem. This is because it requires authentication first before it can authenticate itself. Either:

          1. Make the client non-EJB.
          2. Wrap the client EJB in a separate jar, with separate jboss.xml and ejb-jar.xml files, that do not specify any security domain. The EJB will then be able to authenticate, and any other resources in your app will still require authentication and authorisation. Assuming your app is an ear file, it might look something like:

          /META-INF/application.xml
          /my-main-app.jar (with all EJB's, other resources requiring JAAS)
          /my-authenticating-app.jar (with the EJB performing the authentication - this jar must have NO security domain)

          Regards,

          Liam.