0 Replies Latest reply on Jul 11, 2003 7:03 PM by Prabhakar Krishnaswami

    ERROR [SecurityInterceptor] Insufficient method permissions,

    Prabhakar Krishnaswami Newbie

      I am trying to port a security application that I downloaded from the web to Jboss 3.x env. While the client login seems to work the server side login fails with the following exception:

      16:30:52,185 ERROR [LogInterceptor] EJBException, causedBy:
      java.lang.SecurityException: Insufficient method permissions, principal=Eric, me
      thod=create, interface=HOME, requiredRoles=[], principalRoles=null
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(Se
      at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityIntercep
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:1
      at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionCo
      at org.jboss.ejb.Container.invoke(Container.java:756)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517)

      THis happens when an ejb's create method is invoked.

      I realize this topic has been discussed but since I couldn't fix the problem, I posing this issue and request help on this topic.

      Here is a snippet of the login-config.xml I was using:

      <application-policy name = "OciSRP">

      <login-module code = "org.jboss.security.srp.jaas.SRPCacheLoginModule"
      flag = "required">
      <module-option name = "cacheJndiName">srp/AuthenticationCache</module-option>
      <login-module code = "com.ociweb.jmx.jaas.srp.DatabaseRoleLoginModule"
      flag = "required">
      <module-option name = "dsJndiName">java:/security</module-option>
      <module-option name = "rolesQuery">"SELECT Roles.name, 'Roles' FROM Roles,GroupRoles,Groups,UserGroups,Users WHERE Roles.id=GroupRoles.roleID AND GroupRoles.groupID=Groups.id AND UserGroups.groupID=Groups.ID AND UserGroups.userID=Users.id AND Users.username=?"</module-option>
      <module-option name="password-stacking">useFirstPass</module-option>


      THe DatabaseRolesLoginModule is a custom module which implements initialize(), login(), getIdentity() and getRoleSets(). I put some print statements in this java file and couldn't see getIndentity() and getRoleSets() being called but login() gets called.

      Below is the snippet of ejb-jar.xml which describes the security descriptors:










      I suspect the problem I am having is because the above methods are not getting called. I initially tried this on JBoss 3.04 with Tomcat 4.1.12 and later I tried with JBoss 3.07 with Tomcat 4.1.24.

      Could somebody tell me why I am having the above problem?

      Any help on the above problem will be appreciated.