1 2 Previous Next 18 Replies Latest reply on Nov 12, 2004 4:54 AM by Arnold Fung

    Insufficient method permissions, principal=richja, method=cr

    James Richardson Newbie

      Please can anybody explain this error message?

      I think I'm now logged in, but calling an EJB doesn't work.

      This will be the case the first time logging in, then subsequent page refreshes (presumably the principal is now cached?) show a different message:

      2004-11-10 13:33:26,010 TRACE [org.jboss.security.plugins.JaasSecurityManager.gmprofile] updateCache, subject=Subject:
       Principal: richja
       Principal: Roles(members:CMD-DR...)
      2004-11-10 13:34:05,151 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Insufficient method permissions, principal=richja, method=create, interface=LOCALHOME, requiredRoles=[], principalRoles=null


      Note that the principalRoles are now null.

      Any ideas?

      Thanks!




        • 1. Re: Insufficient method permissions, principal=richja, metho
          Arnold Fung Newbie

          I get similar error too.
          Which version of JBoss are you running?

          Have you made any changes to JaasSecurityManagerService in jboss-service.xml?

          • 2. Re: Insufficient method permissions, principal=richja, metho
            James Richardson Newbie


            This is 4.0.0.

            Actually the subject was chopped, it was

            Insufficient method permissions, principal=richja, method=create, interface=LOCALHOME, requiredRoles=[], principalRoles=[CMD-DRV-LON-...]
            


            Note that the required roles are [] (nothing, i assume). What gives?

            Cheers

            James



            • 3. Forgot method permission
              James Richardson Newbie


              The problem was that I had not specified any method-permission roles for the call, nor had i said the method was unchecked.

              Adding a method permission solved the problem. Hurrah.


              Now i still have the issue that with the next invocation ( like resubmitting the page for example) the principal is kept, but the roles are reset to null, and thus get a permission error.

              It seems like the authentication cache is not caching the roles?

              Thanks for any help!


              • 4. Re: Insufficient method permissions, principal=richja, metho
                Scott Stark Master

                The auth cache contains the Subject and its roles. A trace level log on the org.jboss.security category may shed some light.

                • 5. Re: Insufficient method permissions, principal=richja, metho
                  James Richardson Newbie

                  I can tell you that if you reduce the authentication cache timeout to 5 seconds, and the resolution to 1 second, and wait 5 seconds between page submissions, it works fine.

                  If you refresh the page twice in quick succession, it fails.

                  The call getEnvironments is where is succeeds....then refresh again, and failure, immediately after calling updateCache

                  2004-11-10 16:46:04,453 INFO [com.db.es.filter.JaasLoginFilter] doFilter()
                  2004-11-10 16:46:04,454 INFO [com.db.es.filter.JaasLoginFilter] checkAuthentication=true
                  2004-11-10 16:46:04,455 INFO [com.db.es.filter.JaasLoginFilter] Create login context for gmprofile
                  2004-11-10 16:46:04,455 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(gmprofile), size=11
                  2004-11-10 16:46:04,455 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(gmprofile), authInfo=AppConfigurationEntry[]:
                  [0]
                  LoginModule Class: org.jboss.security.WedgetailLoginModule
                  ControlFlag: LoginModuleControlFlag: required
                  Options:name=password-stacking, value=useFirstPass
                  [1]
                  LoginModule Class: org.jboss.security.ClientLoginModule
                  ControlFlag: LoginModuleControlFlag: required
                  Options:name=restore-login-identity, value=true
                  name=password-stacking, value=useFirstPass
                  
                  2004-11-10 16:46:04,456 INFO [com.db.es.filter.JaasLoginFilter] login()
                  2004-11-10 16:46:04,456 TRACE [org.jboss.security.WedgetailLoginModule] initialize
                  2004-11-10 16:46:04,456 DEBUG [org.jboss.security.WedgetailLoginModule] WedgetailLoginModule: Initialise
                  2004-11-10 16:46:04,456 DEBUG [org.jboss.security.WedgetailLoginModule] Subject: Subject:
                  
                  2004-11-10 16:46:04,456 DEBUG [org.jboss.security.WedgetailLoginModule] CallbackHandler: javax.security.auth.login.LoginContext$SecureCallbackHandler@1a264f1
                  2004-11-10 16:46:04,456 DEBUG [org.jboss.security.WedgetailLoginModule] State:
                  2004-11-10 16:46:04,456 DEBUG [org.jboss.security.WedgetailLoginModule] Opts:
                  2004-11-10 16:46:04,456 DEBUG [org.jboss.security.WedgetailLoginModule] password-stacking : useFirstPass
                  2004-11-10 16:46:04,456 DEBUG [org.jboss.security.WedgetailLoginModule] Login()
                  2004-11-10 16:46:04,456 TRACE [org.jboss.security.WedgetailLoginModule] login
                  2004-11-10 16:46:04,456 DEBUG [org.jboss.security.WedgetailLoginModule] Wedgetail: gives richja
                  2004-11-10 16:46:04,456 DEBUG [org.jboss.security.WedgetailLoginModule] commit()
                  2004-11-10 16:46:04,456 TRACE [org.jboss.security.WedgetailLoginModule] commit, loginOk=true
                  2004-11-10 16:46:04,456 DEBUG [org.jboss.security.WedgetailLoginModule] getIdentity() returning richja
                  2004-11-10 16:46:04,456 DEBUG [org.jboss.security.WedgetailLoginModule] getRoleSets()
                  2004-11-10 16:46:04,458 INFO [com.db.es.filter.JaasLoginFilter] doFilter(..)
                  2004-11-10 16:46:04,459 TRACE [org.jboss.security.WedgetailLoginModule] logout
                  2004-11-10 16:46:04,459 DEBUG [org.jboss.security.WedgetailLoginModule] getIdentity() returning richja
                  2004-11-10 16:46:04,459 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(gmprofile), size=11
                  2004-11-10 16:46:04,460 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(gmprofile), authInfo=AppConfigurationEntry[]:
                  [0]
                  LoginModule Class: org.jboss.security.WedgetailLoginModule
                  ControlFlag: LoginModuleControlFlag: required
                  Options:name=password-stacking, value=useFirstPass
                  [1]
                  LoginModule Class: org.jboss.security.ClientLoginModule
                  ControlFlag: LoginModuleControlFlag: required
                  Options:name=restore-login-identity, value=true
                  name=password-stacking, value=useFirstPass
                  
                  2004-11-10 16:46:04,460 TRACE [org.jboss.security.WedgetailLoginModule] initialize
                  2004-11-10 16:46:04,460 DEBUG [org.jboss.security.WedgetailLoginModule] WedgetailLoginModule: Initialise
                  2004-11-10 16:46:04,460 DEBUG [org.jboss.security.WedgetailLoginModule] Subject: Subject:
                  
                  2004-11-10 16:46:04,460 DEBUG [org.jboss.security.WedgetailLoginModule] CallbackHandler: javax.security.auth.login.LoginContext$SecureCallbackHandler@914272
                  2004-11-10 16:46:04,460 DEBUG [org.jboss.security.WedgetailLoginModule] State:
                  2004-11-10 16:46:04,460 DEBUG [org.jboss.security.WedgetailLoginModule] Opts:
                  2004-11-10 16:46:04,460 DEBUG [org.jboss.security.WedgetailLoginModule] password-stacking : useFirstPass
                  2004-11-10 16:46:04,460 DEBUG [org.jboss.security.WedgetailLoginModule] Login()
                  2004-11-10 16:46:04,460 TRACE [org.jboss.security.WedgetailLoginModule] login
                  2004-11-10 16:46:04,460 DEBUG [org.jboss.security.WedgetailLoginModule] Wedgetail: gives richja
                  2004-11-10 16:46:04,460 DEBUG [org.jboss.security.WedgetailLoginModule] commit()
                  2004-11-10 16:46:04,460 TRACE [org.jboss.security.WedgetailLoginModule] commit, loginOk=true
                  2004-11-10 16:46:04,460 DEBUG [org.jboss.security.WedgetailLoginModule] getIdentity() returning richja
                  2004-11-10 16:46:04,460 DEBUG [org.jboss.security.WedgetailLoginModule] getRoleSets()
                  2004-11-10 16:46:04,461 TRACE [org.jboss.security.plugins.JaasSecurityManager.gmprofile] updateCache, subject=Subject:
                   Principal: richja
                   Principal: Roles(members:Domain Users)
                  
                  2004-11-10 16:46:04,462 TRACE [org.jboss.security.plugins.JaasSecurityManager.gmprofile] validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a16b7c[Subject(26712630).principals=[richja, Roles(members:Domain Users)]]
                  2004-11-10 16:46:04,462 TRACE [org.jboss.security.plugins.JaasSecurityManager.gmprofile] validateCache, isValid=true
                  2004-11-10 16:46:04,462 INFO [STDOUT] getEnvironments() : Called by richja
                  2004-11-10 16:46:04,463 INFO [com.db.es.filter.JaasLoginFilter] doneFilter..
                  2004-11-10 16:46:04,463 TRACE [org.jboss.security.WedgetailLoginModule] logout
                  2004-11-10 16:46:04,463 DEBUG [org.jboss.security.WedgetailLoginModule] getIdentity() returning richja
                  2004-11-10 16:46:05,108 INFO [com.db.es.filter.JaasLoginFilter] doFilter()
                  2004-11-10 16:46:05,108 INFO [com.db.es.filter.JaasLoginFilter] checkAuthentication=true
                  2004-11-10 16:46:05,110 INFO [com.db.es.filter.JaasLoginFilter] Create login context for gmprofile
                  2004-11-10 16:46:05,110 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(gmprofile), size=11
                  2004-11-10 16:46:05,110 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(gmprofile), authInfo=AppConfigurationEntry[]:
                  [0]
                  LoginModule Class: org.jboss.security.WedgetailLoginModule
                  ControlFlag: LoginModuleControlFlag: required
                  Options:name=password-stacking, value=useFirstPass
                  [1]
                  LoginModule Class: org.jboss.security.ClientLoginModule
                  ControlFlag: LoginModuleControlFlag: required
                  Options:name=restore-login-identity, value=true
                  name=password-stacking, value=useFirstPass
                  
                  2004-11-10 16:46:05,110 INFO [com.db.es.filter.JaasLoginFilter] login()
                  2004-11-10 16:46:05,110 TRACE [org.jboss.security.WedgetailLoginModule] initialize
                  2004-11-10 16:46:05,110 DEBUG [org.jboss.security.WedgetailLoginModule] WedgetailLoginModule: Initialise
                  2004-11-10 16:46:05,110 DEBUG [org.jboss.security.WedgetailLoginModule] Subject: Subject:
                  
                  2004-11-10 16:46:05,110 DEBUG [org.jboss.security.WedgetailLoginModule] CallbackHandler: javax.security.auth.login.LoginContext$SecureCallbackHandler@d8355
                  2004-11-10 16:46:05,110 DEBUG [org.jboss.security.WedgetailLoginModule] State:
                  2004-11-10 16:46:05,111 DEBUG [org.jboss.security.WedgetailLoginModule] Opts:
                  2004-11-10 16:46:05,111 DEBUG [org.jboss.security.WedgetailLoginModule] password-stacking : useFirstPass
                  2004-11-10 16:46:05,111 DEBUG [org.jboss.security.WedgetailLoginModule] Login()
                  2004-11-10 16:46:05,111 TRACE [org.jboss.security.WedgetailLoginModule] login
                  2004-11-10 16:46:05,111 DEBUG [org.jboss.security.WedgetailLoginModule] Wedgetail: gives richja
                  2004-11-10 16:46:05,111 DEBUG [org.jboss.security.WedgetailLoginModule] commit()
                  2004-11-10 16:46:05,111 TRACE [org.jboss.security.WedgetailLoginModule] commit, loginOk=true
                  2004-11-10 16:46:05,111 DEBUG [org.jboss.security.WedgetailLoginModule] getIdentity() returning richja
                  2004-11-10 16:46:05,111 DEBUG [org.jboss.security.WedgetailLoginModule] getRoleSets()
                  2004-11-10 16:46:05,113 INFO [com.db.es.filter.JaasLoginFilter] doFilter(..)
                  2004-11-10 16:46:05,114 TRACE [org.jboss.security.plugins.JaasSecurityManager.gmprofile] validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a16b7c[Subject(26712630).principals=[richja, Roles(members:Domain Users)]]
                  2004-11-10 16:46:05,114 TRACE [org.jboss.security.plugins.JaasSecurityManager.gmprofile] validateCache, isValid=false
                  2004-11-10 16:46:05,114 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(gmprofile), size=11
                  2004-11-10 16:46:05,114 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(gmprofile), authInfo=AppConfigurationEntry[]:
                  [0]
                  LoginModule Class: org.jboss.security.WedgetailLoginModule
                  ControlFlag: LoginModuleControlFlag: required
                  Options:name=password-stacking, value=useFirstPass
                  [1]
                  LoginModule Class: org.jboss.security.ClientLoginModule
                  ControlFlag: LoginModuleControlFlag: required
                  Options:name=restore-login-identity, value=true
                  name=password-stacking, value=useFirstPass
                  
                  2004-11-10 16:46:05,114 TRACE [org.jboss.security.WedgetailLoginModule] initialize
                  2004-11-10 16:46:05,114 DEBUG [org.jboss.security.WedgetailLoginModule] WedgetailLoginModule: Initialise
                  2004-11-10 16:46:05,115 DEBUG [org.jboss.security.WedgetailLoginModule] Subject: Subject:
                  
                  2004-11-10 16:46:05,115 DEBUG [org.jboss.security.WedgetailLoginModule] CallbackHandler: javax.security.auth.login.LoginContext$SecureCallbackHandler@129645a
                  2004-11-10 16:46:05,115 DEBUG [org.jboss.security.WedgetailLoginModule] State:
                  2004-11-10 16:46:05,115 DEBUG [org.jboss.security.WedgetailLoginModule] Opts:
                  2004-11-10 16:46:05,115 DEBUG [org.jboss.security.WedgetailLoginModule] password-stacking : useFirstPass
                  2004-11-10 16:46:05,115 DEBUG [org.jboss.security.WedgetailLoginModule] Login()
                  2004-11-10 16:46:05,115 TRACE [org.jboss.security.WedgetailLoginModule] login
                  2004-11-10 16:46:05,115 DEBUG [org.jboss.security.WedgetailLoginModule] Wedgetail: gives richja
                  2004-11-10 16:46:05,115 DEBUG [org.jboss.security.WedgetailLoginModule] commit()
                  2004-11-10 16:46:05,115 TRACE [org.jboss.security.WedgetailLoginModule] commit, loginOk=true
                  2004-11-10 16:46:05,115 DEBUG [org.jboss.security.WedgetailLoginModule] getIdentity() returning richja
                  2004-11-10 16:46:05,115 DEBUG [org.jboss.security.WedgetailLoginModule] getRoleSets()
                  2004-11-10 16:46:05,116 TRACE [org.jboss.security.plugins.JaasSecurityManager.gmprofile] updateCache, subject=Subject:
                   Principal: richja
                   Principal: Roles(members:Domain Users)
                  
                  2004-11-10 16:46:05,116 TRACE [org.jboss.security.WedgetailLoginModule] logout
                  2004-11-10 16:46:05,116 DEBUG [org.jboss.security.WedgetailLoginModule] getIdentity() returning richja
                  2004-11-10 16:46:05,116 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Insufficient method permissions, principal=richja, method=create, interface=LOCALHOME, requiredRoles=[Domain Users], principalRoles=null
                  2004-11-10 16:46:05,116 ERROR [org.jboss.ejb.plugins.LogInterceptor] EJBException in method: public abstract com.db.es.position.test.doclet.ejb.ControllerSes com.db.es.position.test.doclet.ejb.ControllerSesLocalHome.create() throws javax.ejb.CreateException, causedBy:
                  java.lang.SecurityException: Insufficient method permissions, principal=richja, method=create, interface=LOCALHOME, requiredRoles=[Domain Users], principalRoles=null
                   at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:219)
                   at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:96)
                   at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
                   at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
                   at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:613)
                   at org.jboss.ejb.Container.invoke(Container.java:876)
                   at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invokeHome(BaseLocalProxyFactory.java:342)
                   at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:118)
                   at $Proxy63.create(Unknown Source)
                   at org.apache.jsp.controller_jsp._jspService(controller_jsp.java:59)
                   at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
                   at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                   at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
                   at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
                   at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
                   at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
                   at com.db.es.filter.JaasLoginFilter.doFilter(JaasLoginFilter.java:91)
                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
                   at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)
                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
                   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                   at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
                   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                   at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:44)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
                   at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:169)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
                   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
                   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                   at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
                   at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
                   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
                   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
                   at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
                   at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
                   at java.lang.Thread.run(Thread.java:534)
                  2004-11-10 16:46:05,119 TRACE [org.jboss.security.WedgetailLoginModule] logout
                  2004-11-10 16:46:05,119 DEBUG [org.jboss.security.WedgetailLoginModule] getIdentity() returning richja
                  2004-11-10 16:46:05,119 ERROR [org.jboss.web.localhost.Engine] StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw exception
                  javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
                   Insufficient method permissions, principal=richja, method=create, interface=LOCALHOME, requiredRoles=[Domain Users], principalRoles=null
                   at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:220)
                   at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:96)
                   at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
                   at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
                   at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:613)
                   at org.jboss.ejb.Container.invoke(Container.java:876)
                   at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invokeHome(BaseLocalProxyFactory.java:342)
                   at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:118)
                   at $Proxy63.create(Unknown Source)
                   at org.apache.jsp.controller_jsp._jspService(controller_jsp.java:59)
                   at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
                   at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                   at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
                   at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
                   at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
                   at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
                   at com.db.es.filter.JaasLoginFilter.doFilter(JaasLoginFilter.java:91)
                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
                   at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)
                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
                   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                   at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
                   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                   at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:44)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
                   at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:169)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
                   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
                   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                   at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
                   at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
                   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
                   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
                   at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
                   at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
                   at java.lang.Thread.run(Thread.java:534)
                  java.lang.SecurityException: Insufficient method permissions, principal=richja, method=create, interface=LOCALHOME, requiredRoles=[Domain Users], principalRoles=null
                   at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:219)
                   at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:96)
                   at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
                   at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
                   at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:613)
                   at org.jboss.ejb.Container.invoke(Container.java:876)
                   at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invokeHome(BaseLocalProxyFactory.java:342)
                   at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:118)
                   at $Proxy63.create(Unknown Source)
                   at org.apache.jsp.controller_jsp._jspService(controller_jsp.java:59)
                   at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
                   at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                   at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
                   at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
                   at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
                   at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
                   at com.db.es.filter.JaasLoginFilter.doFilter(JaasLoginFilter.java:91)
                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
                   at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)
                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
                   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                   at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
                   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                   at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:44)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
                   at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:169)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
                   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
                   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                   at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                   at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                   at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
                   at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
                   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
                   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
                   at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
                   at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
                   at java.lang.Thread.run(Thread.java:534)





                  • 6. Re: Insufficient method permissions, principal=richja, metho
                    Scott Stark Master

                    First, org.jboss.security.WedgetailLoginModule is not a jboss login module and should not be using the org.jboss package namespace.

                    The logout immediately before the exception is the problem:

                    2004-11-10 16:46:05,116 TRACE [org.jboss.security.WedgetailLoginModule] logout

                    This invalidates the previously authenticated Subject and removes all associated roles.

                    • 7. Re: Insufficient method permissions, principal=richja, metho
                      James Richardson Newbie


                      Yeah, the code is in the wrong package, because I thought I might have to use the SecurityAssociation classes, but it turns out that its not necessary. This was solved by the use of ClientLoginModule.. it will move back to where it belongs!

                      However, the logout call (its not one that I am making) is also made in the successful call..... so why would that make a difference?? (honest question)

                      Thanks!

                      • 8. Re: Insufficient method permissions, principal=richja, metho
                        Scott Stark Master

                        Just putting a class into a package namespace does not give you access to the package protected classes. The class needs to be loaded by the same class loader, and depending on the class loader, the same jar to actually be seen as from the org.jboss.security package and non-jboss code does not satisfy this condition unless your rebuilding the server with the login module added to the codebase.

                        You seem to have a race condition between multiple threads using the same principal. A cached Subject is a shared object and if there is a logout in one thread after authentication in another thread, but before the authorization check these threads are walking over each other. You need a thread local copy of the Subject to isolate these threads. We do this in the jca layer where authorization checks happen well beyond the authentication point, but I don't think this behavior is accessible from the LoginContext. Create a bug report on sourceforge with an example of what your doing and I can look into how this can be supported.

                        http://sourceforge.net/tracker/?group_id=22866&atid=376685

                        • 9. Re: Insufficient method permissions, principal=richja, metho
                          James Richardson Newbie

                          (The classloader issue is a red-herring)

                          I'm not 100% sure that this is a race condition. Simply waiting until the cache times out will mean that the code works all the time. Refreshing the page before the cache times out will reliably fail all the time.

                          Reducing the cache to zero means the page is now working all the time.

                          This would seem to imply that the cache is at fault? Or I'm interacting with the login system in a non-standard way.

                          • 10. Re: Insufficient method permissions, principal=richja, metho
                            Scott Stark Master

                            The cache is just a map. I explained how the behavior you described could be explained by having two threads running agaist the cached Subject such that the logout of t1 invalidates the Subject instance of t2. Disabling the caching effectively gives you a thread local copy of the Subject.

                            • 11. Re: Insufficient method permissions, principal=richja, metho
                              Arnold Fung Newbie

                              Hi,

                              This is turning into a real interesting discussion. I too suffer from the principalRoles=null problem, but please allow me to explain situation.

                              I am running JBoss 3.2.4

                              LoginModule:
                              client: ClientLoginModule, multithreaded=true
                              server: UsersRolesLoginModule

                              I have enabled TRACE level log, please see below.

                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] initialize
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Passworg hashing activated: algorithm = SHA, encoding = base64
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] findResource: null
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Properties file=file:/home/demo/arnold/Kensington/jboss/server/default-01/conf/users.properties
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] findResource: null
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Properties file=file:/home/demo/arnold/Kensington/jboss/server/default-01/conf/roles.properties
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] login
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] User 'demo' authenticated, loginOk=true
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] commit, loginOk=true
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.plugins.JaasSecurityManager.inforsense] updateCache, subject=Subject:
                               Principal: demo
                               Principal: Roles(members:is-user,mygroup,demoGroup)
                              
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] logout
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] getAppConfigurationEntry(inforsense), authInfo=AppConfigurationEntry[]:
                              [0]
                              LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
                              ControlFlag: LoginModuleControlFlag: required
                              Options:name=hashEncoding, value=base64
                              name=hashAlgorithm, value=SHA
                              
                              2004-11-10 18:13:58,850 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Insufficient method permissions, principal=demo, method=executeNonBlocking, interface=REMOTE, requiredRoles=[<ANYBODY>], principalRoles=null
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] initialize
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Passworg hashing activated: algorithm = SHA, encoding = base64
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] findResource: null
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Properties file=file:/home/demo/arnold/Kensington/jboss/server/default-01/conf/users.properties
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] findResource: null
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Properties file=file:/home/demo/arnold/Kensington/jboss/server/default-01/conf/roles.properties
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] login
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] User 'demo' authenticated, loginOk=true
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] commit, loginOk=true
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.plugins.JaasSecurityManager.inforsense] updateCache, subject=Subject:
                               Principal: demo
                               Principal: Roles(members:is-user,mygroup,demoGroup)
                              
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] logout
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] getAppConfigurationEntry(inforsense), authInfo=AppConfigurationEntry[]:
                              [0]
                              LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
                              ControlFlag: LoginModuleControlFlag: required
                              Options:name=hashEncoding, value=base64
                              name=hashAlgorithm, value=SHA
                              
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] initialize
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Passworg hashing activated: algorithm = SHA, encoding = base64
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] findResource: null
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Properties file=file:/home/demo/arnold/Kensington/jboss/server/default-01/conf/users.properties
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] findResource: null
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Properties file=file:/home/demo/arnold/Kensington/jboss/server/default-01/conf/roles.properties
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] login
                              2004-11-10 18:13:58,850 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] User 'demo' authenticated, loginOk=true
                              2004-11-10 18:13:58,850 ERROR [org.jboss.ejb.plugins.LogInterceptor] EJBException, causedBy:
                              java.lang.SecurityException: Insufficient method permissions, principal=demo, method=executeNonBlocking, interface=REMOTE, requiredRoles=[<ANYBODY>], principalRoles=null
                               at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:229)
                               at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:109)
                               at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:185)
                               at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:84)
                               at org.jboss.ejb.plugins.AbstractTxInterceptorBMT.invokeNext(AbstractTxInterceptorBMT.java:144)
                              



                              Scott, do you think this also indicates a race condition?

                              • 12. Re: Insufficient method permissions, principal=richja, metho
                                Scott Stark Master

                                Yes. Enable logging of the thread by adding %t to the logging pattern to better see this. The logout should be from a seperate thread. If that is not the case someone needs to create a bug report with an example of what is being done.

                                • 13. Re: Insufficient method permissions, principal=richja, metho
                                  Arnold Fung Newbie

                                  I forgot to mention that I have only observed this problem if the cache is disabled!

                                   <!-- JAAS security manager and realm mapping -->
                                   <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
                                   name="jboss.security:service=JaasSecurityManager">
                                   <attribute name="SecurityManagerClassName">
                                   org.jboss.security.plugins.JaasSecurityManager
                                   </attribute>
                                  
                                   <!-- DefaultCacheTimeout: Specifies the default timed cache policy timeout
                                   in seconds.
                                   If you want to disable caching of security credentials, set this to 0 to
                                   force authentication to occur every time. This has no affect if the
                                   AuthenticationCacheJndiName has been changed from the default value.
                                   -->
                                   <attribute name="DefaultCacheTimeout">0</attribute>
                                   <!-- DefaultCacheResolution: Specifies the default timed cache policy
                                   resolution in seconds. This controls the interval at which the cache
                                   current timestamp is updated and should be less than the DefaultCacheTimeout
                                   in order for the timeout to be meaningful. This has no affect if the
                                   AuthenticationCacheJndiName has been changed from the default value.
                                   -->
                                   <attribute name="DefaultCacheResolution">60</attribute>
                                   </mbean>
                                  


                                  This seems to be a clash with time4tea theory of a cache problem.

                                  • 14. Re: Insufficient method permissions, principal=richja, metho
                                    Arnold Fung Newbie

                                    Hello Scott,

                                    TRACE log with thread information! Logout is called from separate thread, but it seems to have stepped over the other thread's login session?


                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (NCI60_V4) initialize
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (NCI60_V4) Passworg hashing activated: algorithm = SHA, encoding = base64
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (NCI60_V4) findResource: null
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (NCI60_V4) Properties file=file:/home/demo/arnold/Kensington/jboss/server/default-01/conf/users.properties
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (NCI60_V4) findResource: null
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (NCI60_V4) Properties file=file:/home/demo/arnold/Kensington/jboss/server/default-01/conf/roles.properties
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (NCI60_V4) login
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (NCI60_V4) User 'demo' authenticated, loginOk=true
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (NCI60_V4) commit, loginOk=true
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.plugins.JaasSecurityManager.inforsense] (NCI60_V4) updateCache, subject=Subject:
                                     Principal: demo
                                     Principal: Roles(members:is-user,mygroup,demoGroup)
                                    
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (RMI TCP Connection(2)-155.198.19.226) logout
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (RMI TCP Connection(2)-155.198.19.226) getAppConfigurationEntry(inforsense), authInfo=AppConfigurationEntry[]:
                                    [0]
                                    LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
                                    ControlFlag: LoginModuleControlFlag: required
                                    Options:name=hashEncoding, value=base64
                                    name=hashAlgorithm, value=SHA
                                    
                                    2004-11-11 10:25:49,820 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] (NCI60_V4) Insufficient method permissions, principal=demo, method=create, interface=LOCALHOME, requiredRoles=[<ANYBODY>], principalRoles=null
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (RMI TCP Connection(2)-155.198.19.226) initialize
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (RMI TCP Connection(2)-155.198.19.226) Passworg hashing activated: algorithm = SHA, encoding = base64
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (RMI TCP Connection(2)-155.198.19.226) findResource: null
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (RMI TCP Connection(2)-155.198.19.226) Properties file=file:/home/demo/arnold/Kensington/jboss/server/default-01/conf/users.properties
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (RMI TCP Connection(2)-155.198.19.226) findResource: null
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (RMI TCP Connection(2)-155.198.19.226) Properties file=file:/home/demo/arnold/Kensington/jboss/server/default-01/conf/roles.properties
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (RMI TCP Connection(2)-155.198.19.226) login
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (RMI TCP Connection(2)-155.198.19.226) User 'demo' authenticated, loginOk=true
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (RMI TCP Connection(2)-155.198.19.226) commit, loginOk=true
                                    2004-11-11 10:25:49,820 TRACE [org.jboss.security.plugins.JaasSecurityManager.inforsense] (RMI TCP Connection(2)-155.198.19.226) updateCache, subject=Subject:
                                     Principal: demo
                                     Principal: Roles(members:is-user,mygroup,demoGroup)
                                    
                                    2004-11-11 10:25:49,820 ERROR [org.jboss.ejb.plugins.LogInterceptor] (NCI60_V4) EJBException, causedBy:
                                    java.lang.SecurityException: Insufficient method permissions, principal=demo, method=create, interface=LOCALHOME, requiredRoles=[<ANYBODY>], principalRoles=null
                                     at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:229)
                                     at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:83)
                                     at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
                                    
                                    



                                    Thanks.
                                    Arnold

                                    1 2 Previous Next