0 Replies Latest reply on Nov 19, 2003 4:25 AM by Annegret Sternagel

    Insufficient method permissions; method=getEJBObject

    Annegret Sternagel Newbie

      Hello,

      My problem is that I get the following exception on the client side after doing nothing for a while and the beans have been passivated:

      Could not activate; nested exception is:
      java.rmi.ServerException: Could not get EJBObject; nested exception is:
      java.rmi.ServerException: RemoteException occurred in server thread; nested
      exception is:
      javax.transaction.TransactionRolledbackException: checkSecurityAssociation;
      nested exception is:
      java.lang.SecurityException: Insufficient method permissions,
      principal=Admin, method=getEJBObject, requiredRoles=[InternalAdmin],
      principalRoles=[Administrator];

      The client creates BeanA (SFSB) as principal Admin with role Administrator. BeanA has the run-as attribute set to "InternalAdmin" and creates BeanB (SFSB). The method-permissions for BeanA (all methods) are set to Administrator; the method-permissions for BeanB (all methods) are set to InternalAdmin. All method calls from the client are working well. But when the beans have been passivated and reactivated, the above exception occurs.

      What can I do to avoid this?
      Do I have to set the method-permission for getEJBObject to the role used by the client to access BeanA?
      We have a lot of beans and up to 4 roles used by the client; this would result in a number of additional security entries in the deployment descriptor. I would not like to do this.

      jboss 2.4.10, java: Sun 1.4.1_02

      Annegret