Hi Wolfgang,

yes, I've enabled the security layer debugging. There is no more output on my 
JBoss than what I've posted already. I don't know what you have expected.

After trying a simple Servlet application with WebAuthentication as described 
in the blog, the same error "Caller unauthorized" comes up on the access of an 
EJB3 bean when there is a @RunAs annotation.

So for now I continued with checking if the EJB3 context gets the user 
authentication correctly.
Now I have tried to see what happens when I do a 

  | log.info(request.getUserPrincipal());
  | log.info(request.getRemoteUser());
  | log.info(request.isUserInRole("AdminUser"));
  | 
The results are:

  | extern.michael.obster
  | extern.michael.obster
  | false
  | 

The conclusion from my point is that there are 3 possible errors:
1. The authentication gets lost, so the request doesn't know the role of the user.
2. The JAAS gets confused about which ID has to be used to get the role for the 
user.
3. The roles query has a wrong result.

After some debugging I found out that my roles query returns a result with 
some other columns the JAAS system does not expect.

So correcting the roles query fixed my problem.

But thank you for your help. It was not useless, because I got some more 
knowledge of how to debug the security layer ;-).

For people who have the same problem, check if your result from the roles query 
contains the columns "name" (with the name of the role) and "role_group"!

Cheers,
Michael

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4261407#4261407
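
The failure mode described in the post above, as an added example that is not part of the original post or of JBoss: a roles query with extra columns lets authentication succeed while the role check returns false. It assumes the login module reads the result by position (first column role name, second column role group) and checks membership in a group named "Roles"; the user_roles table, the SQLite stand-in, the user demo.user and all helper names are hypothetical.

```python
import sqlite3

# Constructed sample data: hypothetical table with two extra leading columns.
def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_roles "
                 "(id INTEGER, username TEXT, name TEXT, role_group TEXT)")
    conn.execute("INSERT INTO user_roles VALUES "
                 "(1, 'demo.user', 'AdminUser', 'Roles')")
    return conn

# SELECT * also returns id and username, which shifts the positions.
BAD_QUERY = "SELECT * FROM user_roles WHERE username = ?"
# Exactly the two columns named in the post, in that order.
GOOD_QUERY = "SELECT name, role_group FROM user_roles WHERE username = ?"

def load_role_groups(conn, roles_query, username):
    """Assumed reader: column 1 is the role name, column 2 the role group."""
    groups = {}
    for row in conn.execute(roles_query, (username,)):
        name, group = row[0], row[1]
        groups.setdefault(str(group) if group else "Roles", set()).add(str(name))
    return groups

def is_user_in_role(groups, role):
    """Role checks only look at the group assumed to be called 'Roles'."""
    return role in groups.get("Roles", set())

def check_roles_query(conn, roles_query, username):
    """Return a list of problems with the shape of the query result."""
    cur = conn.execute(roles_query, (username,))
    cols = [d[0] for d in cur.description]
    if cols != ["name", "role_group"]:
        return [f"expected columns ['name', 'role_group'], got {cols}"]
    return []

if __name__ == "__main__":
    conn = build_sample_db()
    for query in (BAD_QUERY, GOOD_QUERY):
        groups = load_role_groups(conn, query, "demo.user")
        print(query)
        print("  problems:", check_roles_query(conn, query, "demo.user"))
        print("  groups:", groups)
        print("  AdminUser:", is_user_in_role(groups, "AdminUser"))
```

With the bad query the user still resolves, but the role lands in a group named after the username, so the check for AdminUser fails without any error being logged.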
