3 Replies Latest reply on Feb 9, 2004 3:08 PM by Scott Stark

    using unchecked methods but still get

    ll0011 Newbie

      In my ejb-jar.xml file (generated by ejbDoclet) I have an assembly-descriptor section containing method-permission elements for all my methods (including create methods), and they all have the "unchecked" element.

      But when I access the create method on the home interface, I get "Authentication exception, principal=null".

      Any suggestions?


      Here's the log output:

      23:57:16,993 ERROR [SecurityInterceptor] Authentication exception, principal=null
      23:57:16,994 ERROR [LogInterceptor] EJBException, causedBy:
      java.lang.SecurityException: Authentication exception, principal=null
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:164)
      at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:81)
      at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invokeHome(CachedConnectionInterceptor.java:214)
      at org.jboss.ejb.plugins.StatefulSessionInstanceInterceptor.invokeHome(StatefulSessionInstanceInterceptor.java:126)
      at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:88)
      at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:267)
      at org.jboss.ejb.plugins.TxInterceptorCMT.invokeHome(TxInterceptorCMT.java:98)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
      at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
      at org.jboss.ejb.StatefulSessionContainer.internalInvokeHome(StatefulSessionContainer.java:404)
      ...

        • 1. Re: using unchecked methods but still get
          Juha Lindfors Master

          You still need an authenticated user even though the authorization is "unchecked". Depending which login module you have configured, you can use module option unauthenticatedIdentity=< identity name> to pass user identity. See the documentation for more details.

          • 2. How to use NO authentication
            ll0011 Newbie

            Hi, Thanks for the reply. I added the unauthenticatedIdentity module option to the "other" application policy, but it didn't help. (I also tried the "client-login" policy).

            What else could I be doing wrong? This is a simple test app and I just want to disable authentication completely.

            Thanks.

            Here is the excerpt from my login-config.xml (btw, the "authentication" elements are there, but I noticed when I did a preview that they don't show up for some reason...)

             <application-policy name = "other">
             <authentication>
             <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required" />
             <module-option name = "unauthenticatedIdentity">guest</module-option>
             </authentication>
             </application-policy>
            


            • 3. Re: using unchecked methods but still get
              Scott Stark Master

              Fix your xml, module-option is a child element of login-module:

               <application-policy name = "other">
              
               <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
               <module-option name = "unauthenticatedIdentity">guest</module-option>
               </login-module>
               </application-policy>