Hi,
I'm using JBoss2.4.3 with Tomcat3.2.3
I have an application which contains some ejbs and one servlet
called "Guest".
All beans are secure and only client which is authenticated and
is in role User can access remote methods of those beans.
As I said there is also one servlet, "Guest" which offers for guest
clients let's say transparent access to my breans (of course it permits
only few and secure operations with my beans) without any
authentication.
The servlet does it using methods of LoginContext and CallbackHandler
classes
which are performed during servlet initialization. So the servlet,
like a client, logins into my application as User guest and TRIES to
do something with my beans in the same manner as my other client which
is a normal java application and works perfectly.
But it doesn't work at all:
javax.servlet.ServletException:
java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
java.lang.SecurityException: Insufficient method permissions,
principal=null, method=create, requiredRoles=[User], principalRoles=[]
Note that the same procedure works with JBoss2.2.2 and Tomcat3.2.2!!!
I have also tried to use Subject.doAs method with subject returned by
LoginContext
getSubject method but it doesn't help.
Please help!
Regards,
AJ
____________________________________________
Pozdrawiam,
AJ
<mailto:[EMAIL PROTECTED]>
<http://strony.wp.pl/wp/ajonak>
____________________________________________
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
