4 Replies Latest reply on Sep 6, 2005 4:45 AM by shankar narayan

    Problem with PrincipalRoles=null; for create method..

    Siva til Newbie

      Hello, I am getting the following problem...

      03:23:07,171 ERROR [SecurityInterceptor] Insufficient method permissions, principal=siva, method=create, interface=HOME, requiredRoles=[User, Administrator], principalRoles=null
      03:23:07,171 INFO [STDOUT] Exception in MethodsServlet: SecurityException; nested exception is:
      java.lang.SecurityException: Insufficient method permissions, principal=siva, method=create, interface=HOME, requiredRoles=[User, Administrator], principalRoles=null
      03:23:07,171 INFO [STDOUT] ?????????????
      03:23:07,171 INFO [STDOUT] java.rmi.AccessException: SecurityException; nested exception is:
      java.lang.SecurityException: Insufficient method permissions, principal=siva, method=create, interface=HOME, requiredRoles=[User, Administrator], principalRoles=null
      03:23:07,171 INFO [STDOUT] at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:370)
      03:23:07,171 INFO [STDOUT] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:125)
      03:23:07,171 INFO [STDOUT] at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
      03:23:07,171 INFO [STDOUT] at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:319)
      03:23:07,171 INFO [STDOUT] at org.jboss.ejb.Container.invoke(Container.java:729)
      03:23:07,171 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      03:23:07,171 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      03:23:07,171 INFO [STDOUT] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      03:23:07,171 INFO [STDOUT] at java.lang.reflect.Method.invoke(Method.java:324)
      03:23:07,171 INFO [STDOUT] at org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.java:60)
      03:23:07,171 INFO [STDOUT] at org.jboss.mx.server.Invocation.dispatch(Invocation.java:62)
      03:23:07,171 INFO [STDOUT] at org.jboss.mx.server.Invocation.dispatch(Invocation.java:54)
      03:23:07,171 INFO [STDOUT] at org.jboss.mx.server.Invocation.invoke(Invocation.java:82)
      03:23:07,171 INFO [STDOUT] at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:198)
      03:23:07,171 INFO [STDOUT] at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473)
      03:23:07,171 INFO [STDOUT] at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:97)
      03:23:07,171 INFO [STDOUT] at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:115)
      03:23:07,171 INFO [STDOUT] at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:101)
      03:23:07,171 INFO [STDOUT] at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
      03:23:07,171 INFO [STDOUT] at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:55)
      03:23:07,171 INFO [STDOUT] at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
      03:23:07,171 INFO [STDOUT] at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:86)
      03:23:07,171 INFO [STDOUT] at $Proxy51.create(Unknown Source)
      03:23:07,171 INFO [STDOUT] at com.til.jaas.StockManagerReport.doGet(StockManagerReport.java:100)
      03:23:07,171 INFO [STDOUT] at com.til.jaas.StockManagerReport.doPost(StockManagerReport.java:56)
      03:23:07,171 INFO [STDOUT] at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
      03:23:07,171 INFO [STDOUT] at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
      03:23:07,171 INFO [STDOUT] at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      03:23:07,171 INFO [STDOUT] at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:66)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      03:23:07,171 INFO [STDOUT] at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:162)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      03:23:07,171 INFO [STDOUT] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
      03:23:07,171 INFO [STDOUT] at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
      03:23:07,171 INFO [STDOUT] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
      03:23:07,171 INFO [STDOUT] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
      03:23:07,171 INFO [STDOUT] at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
      03:23:07,171 INFO [STDOUT] at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
      03:23:07,171 INFO [STDOUT] at java.lang.Thread.run(Thread.java:536)
      03:23:07,187 INFO [STDOUT] Caused by: java.lang.SecurityException: Insufficient method permissions, principal=siva, method=create, interface=HOME, requiredRoles=[User, Administrator], principalRoles=null
      03:23:07,187 INFO [STDOUT] at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:223)
      03:23:07,187 INFO [STDOUT] at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:74)
      03:23:07,187 INFO [STDOUT] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:121)
      03:23:07,187 INFO [STDOUT] ... 58 more


      my login-config.xml is......
      --------------------------------

      <application-policy name="stockmanager">

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="managedConnectionFactoryName">
      jboss.jca:service=LocalTxCM,name=MSSQLDS
      </module-option>
      <module-option name="dsJndiName">
      java:/MSSQLDS
      </module-option>
      <module-option name="principalsQuery">
      Select Password from Principals where PrincipalID=?
      </module-option>
      <module-option name="rolesQuery">
      Select Role as Role,RoleGroup as RoleGroup from Roles where PrincipalID=?
      </module-option>
      </login-module>
      <login-module code="org.jboss.security.ClientLoginModule" flag="required">
      </login-module>

      </application-policy>


      my ejb-jar.xml is..
      ----------------------

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">

      <ejb-jar>
      <![CDATA[No Description.]]>
      <display-name>Generated by XDoclet</display-name>
      <enterprise-beans>
      <!-- Session Beans -->

      <![CDATA[Description for StockManager]]>
      <display-name>Name for StockManager</display-name>
      <ejb-name>StockManager</ejb-name>
      com.til.jaas.interfaces.StockManagerHome
      com.til.jaas.interfaces.StockManager
      <ejb-class>com.til.jaas.ejb.StockManagerSession</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <security-role-ref>
      <role-name>Administrator</role-name>
      <role-link>Administrator</role-link>
      </security-role-ref>
      <security-role-ref>
      <role-name>User</role-name>
      <role-link>User</role-link>
      </security-role-ref>


      </enterprise-beans>

      <assembly-descriptor >
      <security-role>
      <role-name>Administrator</role-name>
      </security-role>
      <security-role>
      <role-name>User</role-name>
      </security-role>

      <method-permission>
      <role-name>Administrator</role-name>

      <ejb-name>StockManager</ejb-name>
      <method-intf>Remote</method-intf>
      <method-name>*</method-name>


      <ejb-name>StockManager</ejb-name>
      <method-intf>Home</method-intf>
      <method-name>*</method-name>

      </method-permission>
      <method-permission>
      <role-name>User</role-name>

      <ejb-name>StockManager</ejb-name>
      <method-intf>Remote</method-intf>
      <method-name>getStockQuantities</method-name>


      <ejb-name>StockManager</ejb-name>
      <method-intf>Home</method-intf>
      <method-name>*</method-name>

      </method-permission>

      </assembly-descriptor>

      </ejb-jar>



      my jboss.xml is...
      -----------------------

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 3.2//EN" "http://www.jboss.org/j2ee/dtd/jboss_3_2.dtd">



      <security-domain>java:/jaas/stockmanager</security-domain>
      <enterprise-beans>


      <ejb-name>StockManager</ejb-name>
      <jndi-name>ejb/StockManager</jndi-name>


      <method-attributes>
      </method-attributes>


      </enterprise-beans>

      <resource-managers>
      </resource-managers>




      ---
      my web.xml is...
      -------------

      <?xml version="1.0" encoding="UTF-8"?>
      <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
      http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

      This is the description of my J2EE component
      <display-name>This is the display name of my J2EE component</display-name>
      <servlet-name>StockManagerServlet</servlet-name>
      <servlet-class>com.til.jaas.StockManagerServlet</servlet-class>


      This is the description of my J2EE component
      <display-name>This is the display name of my J2EE component</display-name>
      <servlet-name>StockManagerReport</servlet-name>
      <servlet-class>com.til.jaas.StockManagerReport</servlet-class>


      <servlet-name>login</servlet-name>
      <jsp-file>/login.jsp</jsp-file>


      <servlet-name>homepage</servlet-name>
      <jsp-file>/homepage.jsp</jsp-file>


      <servlet-mapping>
      <servlet-name>StockManagerServlet</servlet-name>
      <url-pattern>/stockmanager</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
      <servlet-name>StockManagerReport</servlet-name>
      <url-pattern>/stockreport</url-pattern>
      </servlet-mapping>
      <ejb-ref>
      <ejb-ref-name>StockManagerHome</ejb-ref-name>
      <ejb-ref-type>Session</ejb-ref-type>
      com.til.jaas.interfaces.StockManagerHome
      com.til.jaas.interfaces.StockManager
      <ejb-link>StockManager</ejb-link>
      </ejb-ref>
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>stockmanager</web-resource-name>
      Declarative security tests
      <url-pattern>/r/*</url-pattern>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Administrator</role-name>
      <role-name>User</role-name>
      </auth-constraint>
      <user-data-constraint>
      No description
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>
      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>stockmanager</realm-name>
      </login-config>
      <security-role>
      A user allowed to invoke methods
      <role-name>Administrator</role-name>
      </security-role>
      <security-role>
      A user allowed to invoke methods
      <role-name>User</role-name>
      </security-role>

      </web-app>
      ----------


      Can anybody help me in solving this problem.

      Thanks
      Siva