2 Replies Latest reply on Feb 10, 2004 9:18 PM by James Johnson

    Security Policy and access denied(org.jboss.security.Securit

    James Johnson Newbie

      I'm just getting started and am trying to use an applet to access an EJB.

      I've set %java_home%\jre\lib\java.policy to read:

      grant {
      // Allow everything for now
      permission java.security.AllPermission;
      permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.getPrincipalInfo";
      permission java.io.SerializablePermission "enableSubstitution";

      };


      When running in the applet, I get the following exception:

      java.security.AccessControlException: access denied (java.lang.RuntimePermission org.jboss.security.SecurityAssociation.getPrincipalInfo)


      The Stack trace follows below.

      As my policy is set for very lax security, I'm at a loss as to what to do resolve this problem.

      Any thoughts are appreciated.

      Stack Trace
      ---------------

      java.security.AccessControlException: access denied (java.lang.RuntimePermission org.jboss.security.SecurityAssociation.getPrincipalInfo)

      at java.security.AccessControlContext.checkPermission(Unknown Source)

      at java.security.AccessController.checkPermission(Unknown Source)

      at java.lang.SecurityManager.checkPermission(Unknown Source)

      at org.jboss.security.SecurityAssociation.getPrincipal(SecurityAssociation.java:112)

      at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:74)

      at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:175)

      at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:82)

      at $Proxy0.create(Unknown Source)

      at AWTMessageAppletClient.doBean(AWTMessageAppletClient.java:76)

      at AWTMessageAppletClient.paint(AWTMessageAppletClient.java:46)

      at sun.awt.RepaintArea.paint(Unknown Source)

      at sun.awt.windows.WComponentPeer.handleEvent(Unknown Source)

      at java.awt.Component.dispatchEventImpl(Unknown Source)

      at java.awt.Container.dispatchEventImpl(Unknown Source)

      at java.awt.Component.dispatchEvent(Unknown Source)

      at java.awt.EventQueue.dispatchEvent(Unknown Source)

      at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)

      at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)

      at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

      at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

      at java.awt.EventDispatchThread.run(Unknown Source)

        • 1. Re: Security Policy and access denied(org.jboss.security.Sec
          cluck Newbie

          JBoss uses JAAS for authentication, not java.security.*. You need to create an auth.conf file, have your applet instantiate a LoginContext passing in the name of the login configuration and a CallbackHandler (which you'll have to write). Once you've got hold of a LoginContext your applet should be able to call loginContext.login() and presuming your security credentials are OK, it will then be able to call EJB methods. Alternatively, you could just turn off declarative security in ejb-jar.xml.

          • 2. Re: Security Policy and access denied(org.jboss.security.Sec
            James Johnson Newbie

            Thanks for the feed back.

            My ejb-jar.xml includes an assembly descriptor having the security-role :: role-name of everyone and setting all methods to accessible (*)

            I've cut and paste part of ejb-jar here for inspection.

            Any additional thoughts are appreciated.

            <assembly-descriptor>
            <security-role>
            This role represents everyone who is allowed full access to the beans.
            <role-name>everyone</role-name>
            </security-role>

            <method-permission>
            <role-name>everyone</role-name>

            <ejb-name>AC01EJB</ejb-name>
            <method-name>*</method-name>

            </method-permission>
            </assembly-descriptor>