1 Reply Latest reply on Sep 4, 2009 6:22 AM by Wolfgang Knauf

    Issue in JAAS - EJB3 declarative security

    new toSecurity Newbie

      I 'm running into an issue in EJB3 declarative security in JBoss 4.2.0.

      Here is my scenario.
      1. I have 3 EJB3 beans (let us call it as ClientEJB, LoginEJB and TestBean
      2. ClientEJB needs to call LoginEJB to validate login. Upon successful login (using LoginContext.login()) I would like user's context set to the jBoss container).
      3. Now ClientEJB needs to call TestBean. TestBean has certain methods in which I have following annotations
      @RolesAllowed ({"test"}) // to allow method access to user's with "test" role
      4. But for some reasons I keep getting

      ERROR [RoleBasedAuthorizationInterceptor] Insufficient permissions, principal=null, requiredRoles=[test], principalRoles=[]

      javax.ejb.EJBAccessException: Authorization failure
      at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptor.invoke(RoleBasedAuthorizationInterceptor.java:113)


      5. I was expecting the role which was set in LoginBean inturn propogates to TestBean.

      Can some one help me with this?

      Thanks in advance.