JBoss JAAS Authorization Exception
akhilachuthan Oct 29, 2009 9:07 AM
My piece of code is accessing EJB session methods that have roles defined for them. But it's quite strange to see that a few of those do not allow access even when there are enough roles associated with the calling principal.
Below is the log for the error. Here my session bean method is protected with a role named DEFAULT_ROLE_FOR_SERVER. The calling principal has it too, but is still denied access. Any idea?
2009-10-29 15:47:13,156 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (Thread-51:) [Error]Source=org.jboss.security.plugins.javaee.EJBAuthorizationHelper;Exception:=Authorization Failed: null;Resource:=[org.jboss.security.authorization.resources.EJBResource:contextMap={policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@303418}:method=public final com.test.nms.server.protocol.manager.datamodel.Snmpv2c com.test.nms.server.protocol.manager.ProtocolFacade.getProtocol(long) throws java.lang.Exception:ejbMethodInterface=Local:ejbName=ProtocolFacade:ejbPrincipal=defaultuser:MethodRoles=Roles(DEFAULT_ROLE_FOR_SERVER,):securityRoleReferences=null:callerSubject=Subject:
Principal: defaultuser
Principal: Roles(members:FAU_ALM_VIEW_ANNOTATE,PERF_TASK_SCHEDULE,INVENTORY_MGMT,RSTR_DATABASE_ADMIN,DEV_GROUP_ADD,LINK_VIEW,FAU_SYSLOGS_EXPORT,CONF_TEMP_SCH_START,CONF_DISC_TRIG,CONF_TEMP_MAINT,CONF_FTP_SERVER_ADD,CONF_SOFT_MAINT_MOD,CONF_SOFT_MAINT_VIEW,CONF_DISC_TRIG_DEL,FAU,FAU_ALM_SUMM,CONF_TEMP_EXEC,FAU_ALM_DETAILS,FAU_SYS_LOGS_PURGE_EDIT,FAU_ALM_EMAILPUB,GEN_MAIL_SERVER_MOD,FAU_ALM_VIEW_PRINT,SECURITY_MGR_TREE,BACKUP_DATABASE_ADMIN_SCHEDULE,FAU_ALM,FAU_ALM_PURGE_EDIT,SEC_MOD_USR_CHG_ADMIN,TOOLS_MIB,CONF_TEMP_MAINT_COPY,CONF_FTP_SERVER_VIEW,FAU_SYSPAR_VIEW_ADD,CONF_ALM_TRIG_MOD,GEN,PERF_REP_VIEW,FAU_ALM_VIEW_EXPORT,FAU_LOGS_EXPORT,CONF_TEMP_SCH_ADD,DEV_EDIT,GOOGLE_MAP_SETTINGS,DEV_VIEW_DETAILS,PERF_TASK_TEMPLATE,SEC_MOD_USER,FAU_ALM_ARCHIVE_SERVER,SEC_ADD_USER,LINK_ADD,FAU_LOGS_VIEW,FAU_SYSPAR_VIEW,MODIFY_TOPO_DIAGRAM,CONF_ALM_TRIG,FAU_LOGS_ARCHIVE_SERVER,CONF_SOFT_SCH_START,CONF_ALM_TRIG_ADD,SEC_USER_AUDIT_VIEW,FAU_SYS_LOGS_PURGE_VIEW,FAU_PAR_VIEW_MOD,DEL_TOPO_DIAGRAM,LOGIN,FAU_MANAGE,CONF_ALM_TRIG_VIEW,CONF_SOFT_MAINT,GEN_MAIL_SERVER_VIEW,SEC_VIEW_USER,FAU_ALM_VIEW_ACK,FAU_ALM_PAGERPUB_FLTR,CONF_DISC_TRIG_ASSOCIATE_FIL,CONF_SOFT_SCH_ADD,BACKUP_DATABASE_ADMIN_VIEW,CONF_TEMPLATE,FAU_ALM_PAGERPUB,CONF_ALM_TRIG_DEL,CONF_SOFT_SCH_DEL,CONF_TEMP_SCH_STOP,FAU_LOGS_PRINT,DEFAULT_ROLE_FOR_SERVER,ADMINISTRATION,PERF_TASK_SCH_DEL,FAU_LOGS_PURGE_EDIT,CONF_SOFT_MAINT_OBS,PERF_REP_SCH_VIEW,FAU_ALM_PURGE_VIEW,CONF_TEMP_SCH_MOD,PERF_TASK_SCH_VIEW,PERF_TASK_SCH_STARTSTOP,FAU_SYSLOGS_VIEW,PERF_THR_MOD,FAU_PARSER,FAU_ALM_EMAILPUB_FLTR,PERF_USER_TASK,DISC_DEL_NWK,PERF_THR_ADD,CONF_TEMP_MAINT_DEL,GEN_SNMP_MOD,CONF_FTP_SERVER_DEL,PERF_TASK_TEMP_MOD,FAU_ALM_SNMPPUB,FAU_ALM_VIEW,BACKUP_DATABASE_ADMIN_SCH_VIEW,CONF_TEMP_SCH,CONF_AUDIT_TRAILS_VIEW,SEC_USER,BACKUP_DATABASE_ADMIN_DEL,DEV_GROUP_EDIT,SEC_DEL_GRP,FAU_ALM_SNMPPUB_FLTR,CONF_SOFT_MAINT_DEL,FAU_ALM_SNMPPUB_DEL,FAU_ALM_EMAILPUB_MOD,CONF_TEMP_MAINT_VIEW,CONF_FTP_SERVER,PERF_DASHBOARD_MOD,PERF_REP_VIEW_OUTAGE_REP,CONF_TEMP_SCH_VI
EW,FAU_ALM_PAGERPUB_DEL,FAU_ALM_VIEW_DEL,FAU_PAR_VIEW_DEL,LINK_DELETE,PERF_TASK_SCH_ADD,PERF,DISC_CONF_MOD,DISC_ADD_NWK,FAU_ALM_SNMPPUB_MOD,FAU_SYSPAR,FAU_ALM_ARCHIVE,FAU_SYSLOGS_PRINT,FAU_LOGS_ARCHIVE,DISC_MOD_NWK,DISC_START,FAU_ALM_PAGERPUB_ADD,CONF_FTP_SERVER_MOD,PERF_THR,FAU_PAR,GEN_SNMP_VIEW,FAU_SYSPAR_VIEW_MOD,PERF_DASHBOARD_SYS_REACH,CONF_TEMP_MAINT_IMPORT,CONF_TEMP_SCH_DEL,ADD_NEW_TOPO_DIAGRAM,CONF_AUDIT_TRAILS_EXPORT,DEV_GROUP_DELETE,CONF_AUDIT_TRAILS,TOOLS_TELNET,CONF_SOFT_MAINT_ADD,CONF_SOFT_SCH_VIEW,SEC_AUDIT_CONFIG_MOD,CONF_TEMP_MAINT_ADD,BACKUP_DATABASE_ADMIN,GEN_SEV_CLR_VIEW,SYS_CONF,CONF_DISC_TRIG_ADD,SEC_DEL_USER,DEV_GROUP_DETAILS,FAU_ALM_GEN_REP,TOPO,FAU_LOGS_PURGE_VIEW,DEV_NEREMARKS_VIEW_ADD,FAU_ALM_EMAILPUB_ADD,CONF_DISC_TRIG_MOD,CONF_TEMP_MAINT_MOD,DISC_VIEW_PROG,CONF_SOFT_SCH_STOP,SECURITY_LOGIN,PERF_REP_VIEW_HIST_STAT,PERF_TASK_TEMP_ADD,FAU_PAR_VIEW_ADD,EMS_MGMT,TOOLS,GEN_SEV_CLR_VIEW_MOD,TOPO_GOOGLE_MAP_VIEW,FAU_ALM_VIEW_OWNER,PERF_THR_VIEW,FAU_ALM_ARCHIVE_LOCAL,DEV_NEREMARKS_VIEW,FAU_ALM_EMAILPUB_DEL,SEC_GRP,LOGOFF,FAU_PAR_VIEW,PERF_DASHBOARD_VIEW,DEV_ADD,FAU_SYSPAR_VIEW_DEL,DEV_DELETE,VIEW_LINK,CONF_SOFT_SCH_MOD,BACKUP_DATABASE_FTP_REASSIGN,TOOLS_CLR,CONF_TEMP_MAINT_OBS,SEC_MOD_USR_CHG_GENERAL,DEV_POSITION,CONF_TEMP_SCH_COPY,FAU_ALM_VIEW_CLR,PERF_TASK_TEMP_DEL,CONF_DISCOVERY,SEC_KILL_USER,PERF_TASK_SCH_MOD,PERF_DASHBOARD_DEL,BACKUP_DATABASE_ADMIN_USR_TRIG,SEC_MOD_GRP,DISC_VIEW_NWK,SEC_AUDIT_CONFIG_VIEW,GOOGLE_MAP_DELETE_LOCATION,TOPO_FTP_REASSIGN,FAU_LOGS_ARCHIVE_LOCAL,PERF_DASHBOARD_ADD,PERF_TASK_TEMP_VIEW,PERF_THR_DEL,DEV_TELNET,PERF_DAT_COLL_VIEW_ADD,SEC_VIEW_GRP,FAU_SYSLOGS,CONF_SOFT_SCH,FAU_LOGS,SECURITY_MGR,PERF_DASHBOARD_PM_STATS,NETWORK_TOPO_DIAGRAM,CONF_SOFT_SCH_COPY,CONF_TEMP_MAINT_EXPORT,FAU_ALM_PAGERPUB_MOD,SEC_MAG_DEV,SEC_ADD_GRP,DISC,PERF_REP_VIEW_REAL_STAT,DEFAULT_ROLE_FOR_CLIENT,CONF_SOFTWARE,DISC_STOP,FAU_ALM_SNMPPUB_ADD,SEC_GRP_MOD_FUN_ACC,DATABASE_ADMINISTRATION,GOOGLE_MAP_SAVE_LOCATION,CONF)
:callerRunAs=null:callerRunAs=null:ejbRestrictionEnforcement=false:ejbVersion=null];policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@303418;
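
Added example (not part of the original post): a small triage script that reads a LogAuditProvider record in the field layout shown above and compares `MethodRoles` with the caller's `Principal: Roles(members:...)` list, tolerating the trailing comma and a role name wrapped across lines. The sample record is constructed and shortened; the function names are hypothetical.

```python
import re

# Constructed, shortened audit record using the same field layout as the log above.
SAMPLE = (
    "[Error]Source=org.jboss.security.plugins.javaee.EJBAuthorizationHelper;"
    "Exception:=Authorization Failed: null;"
    "Resource:=[org.jboss.security.authorization.resources.EJBResource:"
    "ejbName=ProtocolFacade:ejbPrincipal=defaultuser:"
    "MethodRoles=Roles(DEFAULT_ROLE_FOR_SERVER,):securityRoleReferences=null:"
    "callerSubject=Subject:\n"
    "Principal: defaultuser\n"
    "Principal: Roles(members:LOGIN,DEFAULT_ROLE_FOR_SER\n"
    "VER,ADMINISTRATION)\n"
    ":callerRunAs=null:ejbRestrictionEnforcement=false]"
)

def _split_roles(body):
    # Re-join names broken by a line wrap, then split on commas; the trailing
    # comma in "Roles(X,)" produces an empty item, which is dropped.
    joined = re.sub(r"\s*\n\s*", "", body)
    return {r.strip() for r in joined.split(",") if r.strip()}

def parse_audit_record(text):
    # [^)]* also matches newlines, so a wrapped role list is captured whole.
    method = re.search(r"MethodRoles=Roles\(([^)]*)\)", text)
    caller = re.search(r"Principal:\s*Roles\(members:([^)]*)\)", text)
    principal = re.search(r"ejbPrincipal=([^:;\]]+)", text)
    ejb = re.search(r"ejbName=([^:;\]]+)", text)
    return {
        "ejb": ejb.group(1) if ejb else None,
        "principal": principal.group(1) if principal else None,
        "required": _split_roles(method.group(1)) if method else set(),
        "held": _split_roles(caller.group(1)) if caller else set(),
    }

def triage(text):
    # An EJB method permission is satisfied by any one of the listed roles.
    rec = parse_audit_record(text)
    matched = rec["required"] & rec["held"]
    if not rec["required"]:
        verdict = "no-method-roles"
    elif matched:
        verdict = "role-present"  # the denial is not explained by a missing role
    else:
        verdict = "role-missing"
    return {**rec, "matched": matched, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE)["verdict"])
```

A `role-present` verdict on a failed record means the subject printed in the audit line already carries a required role, so the role list itself can be ruled out as the cause.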