0 Replies Latest reply on Jan 17, 2006 6:32 AM by juan carlos

    please help: Security Exception

    juan carlos Newbie

      Hi. I have a problem when migrating from JBOSS 3.2.3 to 3.2.7. On the new version I have the following exception:

      java.lang.SecurityException: Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[], principalRoles=null

      so, there is no login in this page, but no required roles. As I read in FAQ the problem may be that there is no Identity asigned and there must be any althought no roles required to access any method.

      this method create has "unchecked" permissions so no roles are required.
      Here i show part of my configuration files:

      IN JAR:
      jboss.xml: i include

      <security-domain>java:/jaas/seycon</security-domain>


      ejb-jar.xml create and other public methods with -unchecked- permissions

      IN WAR:

      jboss-web.xml include
      <security-domain>java:/jaas/seycon</security-domain>
      <unauthenticated-principal>nobody</unauthenticated-principal>


      IN MY LOGIN-CONFIG.XML: in mu security domain: seycon

      <application-policy name = "seycon">
       <authentication>
       <login-module code = "org.jboss.security.auth.spi.SeyconLoginModule"
       flag = "required">
       <module-option name="dsJndiName">java:/jdbc/SeyconDS</module-option>
       <module-option name="principalsQuery">select usu_pass from sc_wl_usuari where usu_codi=?</module-option>
       <module-option name="rolesQuery">select ugr_codgru, 'Roles' from sc_wl_usugru where ugr_codusu=?</module-option>
       <module-option name="unauthenticatedIdentity">nobody</module-option>
       </login-module>
       <login-module code = "org.jboss.security.ClientLoginModule" flag="required" />
       </authentication>
       </application-policy>



      I hope someone could help me, if need more data, ask for it. Thanks