0 Replies Latest reply on May 10, 2004 8:12 AM by Manikandan E

    Issue with security-identity/run-as

    Manikandan E Newbie

      I have a EmployeeApplication session bean with ejb-ref to EmployeeEntity bean which is a BMP bean.

      EmployeeApplicationBean has security-identity defined as

      <security-identity>
      <run-as>
      <role-name>InternalUser</role-name>
      </run-as>
      </security-identity>

      Method permission for InternalUser is defined as

      <method-permission>
      <role-name>InternalUser</role-name>

      <ejb-name>EmployeeEntity</ejb-name>
      <method-name>*</method-name>

      </method-permission>

      when EmployeeApplication bean calls method on EmployeeEntity bean, all method calls from the Remote interface gives

      java.lang.SecurityException: Insufficient method permissions, principal=abcd, method=getEmpId, interface=REMOTE, requiredRol
      es=[InternalUser], principalRoles=[Manager]

      user abcd is assigned manager role and given all method permission on EmployeeApplication bean.

      ** There are no exception thrown when EmployeeApplication bean calls create and finder methods on the referenced EmployeeEntity bean.

      Any help highly solicited

      Thanks,
      Mani.