I have been bashing my head against a brick wall for a week now trying
to access a session bean from a JSP page, but no matter what I do I get 

javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
        Insufficient method permissions, principal=null, method=createOperatorAdmin, interface=LOCALHOME, requiredRoles=[Administrator, Operator, System], principalRoles=[]
        at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:229)
        at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
        at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invokeHome(CachedConnectionInterceptor.java:215)
        at org.jboss.ejb.plugins.StatefulSessionInstanceInterceptor.invokeHome(StatefulSessionInstanceInterceptor.java:128)

.
.
.
etc

I have set up a security domain and can successfully log in through a
JSP, subsequent calls to getSubject etc from the LoginContext show that
I am authenticated. I can also execute methods on beans with unchecked
permission.

Rather than bore everyone with reams of extracts of the various xml
files involved, can anyone point me at a set of working example code
(working on jboss-3.0.4_tomcat-4.0.6, that is) that has at least the
following characteristics.

EJBs with permission restricted to specific roles
Login from a JSP
access to methods of restricted bean methods from another JSP in the
same session

Other factors that may be relevant (but maybe not)

The bean I'm trying to access is a stateful session bean
I'm using the local interface
I'm using org.jboss.security.auth.spi.DatabaseServerLoginModule for
authentication


Any help gratefully received.


David



-- 

David Whitmarsh
Sparkle Computer Co Ltd
Systems Development and Consultancy
UNIX/LINUX/Windows, C/C++/perl/java Sybase
Internet, Intranet, Security

web: www.sparkle-cc.co.uk
mob: +44 (0)7802 537097
