2 Replies Latest reply on Oct 5, 2006 8:08 AM by Ruben Verlinden

    security Insufficient method permissions, principal=null

    Srdjan Djuricic Newbie

      Hi,

      I am unable to call a create method on the home object due to insufficient method permission but I am not sure what I am missing.

      My login-config.xml is as follows

       <application-policy name="MyPolicy">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
       flag="required">
       <module-option name="usersProperties">props/my-users.properties</module-option>
       <module-option name="rolesProperties">props/my-roles.properties</module-option>
       <module-option name="unauthenticatedIdentity">guest</module-option>
       </login-module>
       </authentication>
       </application-policy>
      


      In props folder I have my-users.properties file with
      admin=admin
      and I have my-roles.properties file with
      admin=admin

      In jboss.xml file I have the following
      <security-domain>java:/jaas/MyPolicy</security-domain>
      


      In ejb-jar.xml I have the following
       <assembly-descriptor >
       <security-role-ref>
       <role-name>admin</role-name>
       <role-link>admin</role-link>
       </security-role-ref>
       <security-role>
       <description>Admin</description>
       <role-name>admin</role-name>
       </security-role>
      
       <method-permission>
       <role-name>admin</role-name>
       <method>
       <ejb-name>MyManager</ejb-name>
       <method-name>create</method-name>
       </method>
      


      Now in the code I have the following and I am able to login in but when I try to call a create method I get an exception

      java.lang.SecurityException: Insufficient method permissions, principal=null, ejbName=MyManager, method=create, interface=HOME, requiredRoles=[admin], principalRoles=[]

       LoginContext lc = null;
       try{
       String name = "admin";
       String passwordStr = "admin";
       char[] password = passwordStr.toCharArray();
       AppCallbackHandler handler = new AppCallbackHandler(name, password);
       lc = new LoginContext("MyPolicy", handler);
       System.out.println("Created LoginContext");
       lc.login();
       System.out.println("Logged in.");
       Iterator it = lc.getSubject().getPrincipals().iterator();
       while(it.hasNext()) {
       Object o = it.next();
       System.out.println("principle: "+o.getClass().getName()+ " "+o);
       }
       }catch (LoginException le){
       System.out.println("Login failed");
       le.printStackTrace();
       }
      
       Context ctx = new InitialContext();
       Object object = ctx.lookup( "ejb/com/blah/MyManager" );
       MyManager home = (MyManager)PortableRemoteObject.narrow ( object, MyManager.class);
      
       Manager manager= home.create();
      



        • 1. Re: security Insufficient method permissions, principal=null
          Srdjan Djuricic Newbie

           

           static class AppCallbackHandler implements CallbackHandler {
           private String username;
           private char[] password;
          
           public AppCallbackHandler(String username, char[] password){
           this.username = username;
           this.password = password;
           }
          
           public void handle(Callback[] callbacks)
           throws java.io.IOException, UnsupportedCallbackException {
           for (int i = 0; i < callbacks.length; i++) {
           if (callbacks instanceof NameCallback){
           NameCallback nc = (NameCallback)callbacks ;
           nc.setName(username);
           } else if (callbacks instanceof PasswordCallback) {
           PasswordCallback pc = (PasswordCallback)callbacks ;
           pc.setPassword(password);
           } else {
           throw new UnsupportedCallbackException(callbacks , "Unrecognized Callback");
           }
           }
           }
           }
          


          • 2. Re: security Insufficient method permissions, principal=null
            Ruben Verlinden Newbie

            I have exactly the same problem when I try to authenticate from within a Tapestry environment. When using the same code as a standalone client, or from within an Eclipse RCP environment it works like a charm.

            Does anybody have a hint to a solution for this problem?

            Ruben