Problem on ClientLoginModule to Secure EJB Layer
iihome Jul 6, 2004 12:00 AMHi,
I have been put my EJB under JAAS protection and remote call by a disturbed standalone client. My ejb-jar.xml is as following
<ejb-jar>
<enterprise-beans>
<ejb-name>MyBeanSLSB</ejb-name>
MyBeanHome
MyBeanRemote
<ejb-class>MyBean</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
<assembly-descriptor>
<security-role>
<role-name>ADMINISTRATOR</role-name>
</security-role>
<method-permission>
<role-name>ADMINISTRATOR</role-name>
<ejb-name>MyBeanSLSB</ejb-name>
<method-name>*</method-name>
</method-permission>
<method-permission>
<role-name>ADMINISTRATOR</role-name>
<ejb-name>MyBeanSLSB</ejb-name>
<method-intf>Home</method-intf>
<method-name>create</method-name>
</method-permission>
</assembly-descriptor>
</enterprise-beans>
</ejb-jar>
I have use the ClientLoginModule and LoginInitialContextFactory to run on the standalone client and is sucessfully authenicate by the server. However, when I success lookup the Home interface and call create to get the Remote Object. I get the following exception
11:43:54,170 ERROR [SecurityInterceptor] No method permissions assigned to metho
d=create, interface=HOME
11:43:54,170 ERROR [LogInterceptor] EJBException, causedBy:
java.lang.SecurityException: No method permissions assigned to method=create, in
terface=HOME
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(Se
curityInterceptor.java:185)
at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityIntercep
tor.java:83)
at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:1
20)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyF
actoryFinderInterceptor.java:93)
at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessS
essionContainer.java:319)
at org.jboss.ejb.Container.invoke(Container.java:743)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.
java:60)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:61)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:53)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.
java:185)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473)
at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:
360)
I been work on both jboss-3.2.2 and jboss-3.2.5 and produce the same error. Meanwhile, I have put security-role/security-role-ref in the session bean descriptor but produce same result. Also I have try to put <method-intf>bahbahbah</method-intf> instead of <method-intf>Home</method-intf> but the server remain deploy success without warning or error. The server seem ignore the method-permission tag setting.
Thanks in advance on what wrong on my setting.