1. Re: Principal is null in secured EJB
sebi Jun 29, 2003 7:00 PM (in response to time4tea)
Hi James,
> Now logged in users can get the required
> functionality. However non-logged-in users get a
>
> java.rmi.ServerException: EJBException:; nested
> exception is:
> javax.ejb.EJBException: checkSecurityAssociation;
> CausedByException is:
> Authentication exception, principal=null
> at
> org.jboss.ejb.plugins.LogInterceptor.handleException(
> LogInterceptor.java:346)
I had this problem a few days ago. The thing is that JBoss' security manager will check for user roles on all beans that are secured with a specified security domain in jboss.xml. It does not matter whether one of the method permissions is specified as or not.
In order for the security manager's role check to succeed there has to be a principal (user) assigned to the method call even if the user is not authenticated.
To achieve this you could add the org.jboss.security.auth.spi.AnonLoginModule with the module option unauthenticatedIdentity=guest to the application login policy for your web application.
2. Re: Principal is null in secured EJB
time4tea Jul 19, 2003 6:28 AM (in response to time4tea)
Thanks! That worked like a charm!
<application-policy name="databaselogin">
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="sufficient">
        <module-option name="dsJndiName">java:/defaultDS</module-option>
        <module-option name="principalsQuery">select user_password from users where user_name = ?</module-option>
        <module-option name="rolesQuery">select role_name, 'Roles' from users u, user_roles ur, roles r where u.user_name = ? and ur.user_id = u.user_id and ur.role_id = r.role_id</module-option>
    </login-module>
    <login-module code="org.jboss.security.auth.spi.AnonLoginModule" flag="required">
        <module-option name="unauthenticatedIdentity">guest</module-option>
    </login-module>
</application-policy>
Hurrah!
James
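A review aid for the configuration discussed in this thread, added here as an example and not code from either poster or from JBoss: it lists every login module in a login-config.xml that gives unauthenticated callers a principal through `unauthenticatedIdentity`, so each such identity can be checked against the beans' method permissions. The function name, the `<policy>` wrapper around the posted policy, and the second policy ("internal-only") are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the "databaselogin" policy as posted in the thread
# (query options omitted for brevity) plus a made-up "internal-only" policy
# that assigns no identity to unauthenticated callers.
SAMPLE_LOGIN_CONFIG = """\
<policy>
  <application-policy name="databaselogin">
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="sufficient">
      <module-option name="dsJndiName">java:/defaultDS</module-option>
    </login-module>
    <login-module code="org.jboss.security.auth.spi.AnonLoginModule" flag="required">
      <module-option name="unauthenticatedIdentity">guest</module-option>
    </login-module>
  </application-policy>
  <application-policy name="internal-only">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
        <module-option name="dsJndiName">java:/defaultDS</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>
"""

def unauthenticated_identities(xml_text):
    """Return one finding per login module that maps unauthenticated callers
    to a principal via the unauthenticatedIdentity module option."""
    findings = []
    root = ET.fromstring(xml_text)
    for policy in root.iter("application-policy"):
        # iter() also finds modules nested inside an <authentication> element.
        modules = list(policy.iter("login-module"))
        for position, module in enumerate(modules, start=1):
            for option in module.findall("module-option"):
                if option.get("name") == "unauthenticatedIdentity":
                    findings.append({
                        "policy": policy.get("name"),
                        "module": module.get("code"),
                        "flag": module.get("flag"),
                        "position": f"{position}/{len(modules)}",
                        "identity": (option.text or "").strip(),
                    })
    return findings

if __name__ == "__main__":
    for f in unauthenticated_identities(SAMPLE_LOGIN_CONFIG):
        print(f"{f['policy']}: unauthenticated callers become '{f['identity']}' "
              f"({f['module']}, flag={f['flag']}, module {f['position']})")
```

Every identity it reports is a principal the security manager will see on unauthenticated calls into that security domain.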