1 Reply Latest reply on Dec 20, 2002 3:23 AM by Bruno Lowagie

    upgrade 3.0.1 to 3.0.4 problem

    Bruno Lowagie Newbie

      I have a working application in jBoss 3.0.1 and I wanted
      to upgrade it to jBoss 3.0.4.

      I copied my original jboss-service.xml and login-config.xml
      to the 3.0.4 conf directory and I deployed my working sar
      (containing a jboss-service.xml with the defination of a
      security domain) and war files.

      However I get this error:

      2002-12-18 17:01:39,053 INFO [be.ac.rug.ldap.interfaces.LdapLoginModule] Subject:
      Principal: blowagie

      2002-12-18 17:01:39,063 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Insufficient method permissions, principal=blowagie, method=findByPrimaryKey, interface=HOME, requiredRoles=[employee], principalRoles=null

      Instead of:

      2002-12-18 16:54:01,541 INFO [be.ac.rug.ldap.interfaces.LdapLoginModule] Subject:
      Principal: blowagie

      2002-12-18 16:54:01,543 INFO [be.ac.rug.ldap.interfaces.LdapLoginModule] Identity: blowagie
      2002-12-18 16:54:01,544 INFO [be.ac.rug.ldap.interfaces.LdapLoginModule] Identity (getRoleSets): blowagie

      So in the 3.0.1 installation, you see that some methods in
      the LdapLoginModule are called (I logged them), but they
      weren't called in the 3.0.4 installation. Did I overlook
      something?

      I found lots of references to principalRoles=null in the
      forum, but I don't see any situation that ressembles mine...

        • 1. Re: upgrade 3.0.1 to 3.0.4 problem
          Bruno Lowagie Newbie

          OK, I received an answer by Scott Stark through another channel. I haven't tried it yet, but because it could be interesting for other people to I post this follow-up to my own question:

          --
          module: src/main/org/jboss/security/auth/spi; files:
          AbstractServerLoginModule.java
          IdentityLoginModule.java
          UsernamePasswordLoginModule.java

          comments Update the AbstractServerLoginModule and subclasses overriding login to whether login completes successfully. This determines whether the phase should be performed. If the loginOk ivar is not set to true login, commit returns false and does not modify the Subject state. This necessary for chaining login modules together with control flags that do require the login module to complete its login.

          Note: if you have custom login module subclasses that
          override the login method of AbstractServerLoginModule or UsernamePasswordLoginModule you will need to update your code to property set the loginOk ivar.
          --
          Especially the Note is important for me. Thanks to Scott for seeking this out!