0 Replies Latest reply on Dec 4, 2003 10:10 PM by pdtripathi

    java.lang.SecurityException: No method permissions assigned

    pdtripathi Newbie

      I am using JaasSecurityManager for implementing security in my application. My server side login module extends org.jboss.security.auth.spi.UsernamePasswordLoginModule.

      Now, once client completes "jaas login", server SecurityInterceptor intercepts this when client calls any remote method on server. Now, all these methods are required to be in proper role(doesUserHaveRole()).

      The issue here is that my server side beans methods doesn't all have been assigned roles. I, therefore, would like to know any mechasins how I can override the role check mechanism and fakely clear the role check.

      The issues for me is:

      - can we return some generic role in server login module "Group[] getRoleSets() throws LoginException" method say "*" or something similar so that while role comparison all methods are cleared.

      - how to override JaasSecurityManager::doesUserHaveRole implementation in my server login module.

      The exception trace:
      2003-12-05 09:18:31,484 ERROR [org.jboss.ejb.plugins.LogInterceptor] EJBException, causedBy:
      java.lang.SecurityException: No method permissions assigned to method=, interface=REMOTE
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:185)
      at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:107)
      at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)

      Thanks in advance!