I have been bashing my head against a brick wall for a week now trying to access a session bean from a JSP page, but no matter what I do I get

javax.ejb.EJBException: checkSecurityAssociation; CausedByException is: Insufficient method permissions, principal=null, method=createOperatorAdmin, interface=LOCALHOME, requiredRoles=[Administrator, Operator, System], principalRoles=[]
    at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:229)
    at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
    at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invokeHome(CachedConnectionInterceptor.java:215)
    at org.jboss.ejb.plugins.StatefulSessionInstanceInterceptor.invokeHome(StatefulSessionInstanceInterceptor.java:128)
    . . . etc

I have set up a security domain and can successfully log in through a JSP; subsequent calls to getSubject etc. from the LoginContext show that I am authenticated. I can also execute methods on beans with unchecked permission.

Rather than bore everyone with reams of extracts of the various XML files involved, can anyone point me at a set of working example code (working on jboss-3.0.4_tomcat-4.0.6, that is) that has at least the following characteristics:

 - EJBs with permission restricted to specific roles
 - Login from a JSP
 - Access to methods of restricted bean methods from another JSP in the same session

Other factors that may be relevant (but maybe not):

 - The bean I'm trying to access is a stateful session bean
 - I'm using the local interface
 - I'm using org.jboss.security.auth.spi.DatabaseServerLoginModule for authentication

Any help gratefully received.

David

--
David Whitmarsh
Sparkle Computer Co Ltd
Systems Development and Consultancy
UNIX/LINUX/Windows, C/C++/perl/java
Sybase
Internet, Intranet, Security
web: www.sparkle-cc.co.uk
mob: +44 (0)7802 537097
==========================================