0 Replies Latest reply on Jul 11, 2003 7:03 PM by Prabhakar Krishnaswami

    ERROR [SecurityInterceptor] Insufficient method permissions,

    Prabhakar Krishnaswami Newbie

      I am trying to port a security application that I downloaded from the web to Jboss 3.x env. While the client login seems to work the server side login fails with the following exception:

      16:30:52,185 ERROR [LogInterceptor] EJBException, causedBy:
      java.lang.SecurityException: Insufficient method permissions, principal=Eric, me
      thod=create, interface=HOME, requiredRoles=[], principalRoles=null
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(Se
      curityInterceptor.java:228)
      at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityIntercep
      tor.java:94)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:1
      33)
      at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionCo
      ntainer.java:300)
      at org.jboss.ejb.Container.invoke(Container.java:756)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517)

      THis happens when an ejb's create method is invoked.

      I realize this topic has been discussed but since I couldn't fix the problem, I posing this issue and request help on this topic.

      Here is a snippet of the login-config.xml I was using:

      <application-policy name = "OciSRP">

      <login-module code = "org.jboss.security.srp.jaas.SRPCacheLoginModule"
      flag = "required">
      <module-option name = "cacheJndiName">srp/AuthenticationCache</module-option>
      </login-module>
      <login-module code = "com.ociweb.jmx.jaas.srp.DatabaseRoleLoginModule"
      flag = "required">
      <module-option name = "dsJndiName">java:/security</module-option>
      <module-option name = "rolesQuery">"SELECT Roles.name, 'Roles' FROM Roles,GroupRoles,Groups,UserGroups,Users WHERE Roles.id=GroupRoles.roleID AND GroupRoles.groupID=Groups.id AND UserGroups.groupID=Groups.ID AND UserGroups.userID=Users.id AND Users.username=?"</module-option>
      <module-option name="password-stacking">useFirstPass</module-option>
      </login-module>


      </application-policy>


      THe DatabaseRolesLoginModule is a custom module which implements initialize(), login(), getIdentity() and getRoleSets(). I put some print statements in this java file and couldn't see getIndentity() and getRoleSets() being called but login() gets called.

      Below is the snippet of ejb-jar.xml which describes the security descriptors:

      <ejb-jar>
      .
      .
      .

      <assembly-descriptor>
      <security-role>
      <role-name>ManageUsers</role-name>
      </security-role>
      <security-role>
      <role-name>ViewUserStatistics</role-name>
      </security-role>
      <security-role>
      <role-name>UpdateCustomer</role-name>
      </security-role>

      <method-permission>


      <ejb-name>CatalogMgrBean</ejb-name>
      <method-name>create</method-name>

      </method-permission>
      </assembly-descriptor>

      <ejb-jar>

      jboss>
      <security-domain>java:/jaas/OciSRP</security-domain>
      <enterprise-beans>

      <ejb-name>CatalogMgrBean</ejb-name>
      <jndi-name>ejb/CatalogMgrHome</jndi-name>

      </enterprise-beans>



      I suspect the problem I am having is because the above methods are not getting called. I initially tried this on JBoss 3.04 with Tomcat 4.1.12 and later I tried with JBoss 3.07 with Tomcat 4.1.24.

      Could somebody tell me why I am having the above problem?


      Any help on the above problem will be appreciated.