1 Reply Latest reply on May 25, 2004 9:42 PM by gatapia

    Authorisation Issues

    gatapia Newbie

      Hi All,

      Been through most of the topics on this forum an I still can't find a solution to my prob. Any help will be greatly appreciated.

      Basically. Security does not work. (java.lang.SecurityException: Insufficient method permissions, principal=null, ...), Which kinda tells me that my web service did not log on properly, if at all.

      Env: JBoss 3.2.3 / Tomcat

      Brief Desc:
      Basically my wsr contains a class file that accesses a secured SessionBean. The wsr is contained in an ear. The SessionBean is in another deployment package in that ear.

      Thanks All

      Guido

      PS: My apologies for the length of this post.

      Client Code (Excerpt):

      Service s = new Service();
      Call call = (Call) s.createCall();
      call.setTargetEndpointAddress(new java.net.URL(endpoint));
      call.setUsername(user);
      call.setPassword(pass);


      web-service.xml (Excerpt):
      <handler type="java:org.jboss.net.axis.server.JBossAuthenticationHandler">
       <parameter name="securityDomain" value="java:/jaas/geg_domain"/>
       <parameter name="allowedRoles" value="level1"/>
       <parameter name="validateUnauthenticatedCalls" value="true"/>
      </handler>
      <handler type="java:org.jboss.net.axis.server.JBossAuthorizationHandler">
       <parameter name="securityDomain" value="java:/jaas/geg_domain"/>
       <parameter name="allowedRoles" value="level1"/>
       <parameter name="validateUnauthenticatedCalls" value="true"/>
      </handler>


      login-config.xml (Excerpt):
      <application-policy name="geg_domain">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
       <module-option name="unauthenticatedIdentity">Unknown</module-option>
       <module-option name="hashAlgorithm">MD5</module-option>
       <module-option name="hashEncoding">base64</module-option>
       <module-option name="dsJndiName">java:/PostgresDS</module-option>
       <module-option name="principalsQuery">select Password from Principals where PrincipalID=?</module-option>
       <module-option name="rolesQuery">select Role, RoleGroup from Roles where PrincipalID=?</module-option>
       </login-module>
       </authentication>
      </application-policy>



      Soap Request:
      POST /jboss-net/services/AdminWS HTTP/1.0
      Content-Type: text/xml; charset=utf-8
      Accept: application/soap+xml, application/dime, multipart/related, text/*
      User-Agent: Axis/1.2alpha
      Host: monkey:8080
      Cache-Control: no-cache
      Pragma: no-cache
      SOAPAction: ""
      Content-Length: 580
      Authorization: Basic dXNlcjpwYXNzd29yZA==
      
      <?xml version="1.0" encoding="UTF-8"?>
      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <soapenv:Body>
       <getMachine soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
       <id href="#id0"/>
       </getMachine>
       <multiRef id="id0" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="xsd:long" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">0</multiRef>
       </soapenv:Body>
      </soapenv:Envelope>


      Soap Reply:
      HTTP/1.1 500 Internal Server Error
      Set-Cookie: JSESSIONID=9609F23E93100AAC21933B7EC803C725; Path=/jboss-net
      Content-Type: text/xml;charset=utf-8
      Date: Tue, 25 May 2004 23:51:21 GMT
      Server: Apache-Coyote/1.1
      Connection: close
      
      <?xml version="1.0" encoding="UTF-8"?>
      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <soapenv:Body>
       <soapenv:Fault>
       <faultcode>soapenv:Server.userException</faultcode>
       <faultstring>java.lang.RuntimeException: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
       Insufficient method permissions, principal=null, method=create, interface=LOCALHOME, requiredRoles=[level1, level2, level3], principalRoles=[]</faultstring>
       <detail/>
       </soapenv:Fault>
       </soapenv:Body>
      </soapenv:Envelope>