Hi. I have a problem when migrating from JBOSS 3.2.3 to 3.2.7. On the new version I have the following exception:
java.lang.SecurityException: Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[], principalRoles=null
so, there is no login in this page, but no required roles. As I read in FAQ the problem may be that there is no Identity asigned and there must be any althought no roles required to access any method.
this method create has "unchecked" permissions so no roles are required.
Here i show part of my configuration files:
IN JAR:
jboss.xml: i include
<security-domain>java:/jaas/seycon</security-domain>
<security-domain>java:/jaas/seycon</security-domain> <unauthenticated-principal>nobody</unauthenticated-principal>
<application-policy name = "seycon"> <authentication> <login-module code = "org.jboss.security.auth.spi.SeyconLoginModule" flag = "required"> <module-option name="dsJndiName">java:/jdbc/SeyconDS</module-option> <module-option name="principalsQuery">select usu_pass from sc_wl_usuari where usu_codi=?</module-option> <module-option name="rolesQuery">select ugr_codgru, 'Roles' from sc_wl_usugru where ugr_codusu=?</module-option> <module-option name="unauthenticatedIdentity">nobody</module-option> </login-module> <login-module code = "org.jboss.security.ClientLoginModule" flag="required" /> </authentication> </application-policy>