2 Replies Latest reply on Sep 14, 2003 9:20 AM by Joshua Davis

    Security principal and credential not recognized by the EJB

    Jayaprakash Newbie

      I have defined the roles and method permissions in my ejb-jar.xml. In the login-config, I have configured my LdapLoginModule and I am pointing to the same security-domain in the jboss.xml.

      Now, from the client side, when I try to invoke the bean method as following,

      Properties env = new Properties();

      env.put( "java.naming.factory.initial","org.jnp.interfaces.NamingContextFactory" );
      env.put("java.naming.provider.url","jnp://localhost:1099/");
      env.put( Context.SECURITY_PRINCIPAL, "test" );
      env.put( Context.SECURITY_CREDENTIALS, "test" );

      InitialContext iniCtx = new InitialContext(env);
      Object ref = iniCtx.lookup("EchoBean2");

      EchoHome home = (EchoHome) ref;
      Echo echo = home.create();
      try{
      out.println("Echo.echo('Hello') = "+echo.echo("Hello"));
      }
      catch(Exception e){
      out.println("Exception:" + e.getMessage() );

      }

      Now, I get the exception saying, "Exception:EJBException:; nested exception is: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is: Insufficient method permissions, principal=null, method=echo, interface=REMOTE, requiredRoles=[People, Echo, person, test], principalRoles=[] "

      Note that the principal is null. But instead when I create a LoginContext with the client-login, things are fine and smooth. The client is authenticated and authorized sucessfully.

      Can anyone tell me why when I pass the principal and credential through the environment properties, the information is not taken by the ejb container?

      Thanks much for the help.