Title: RE: [JBoss-user] Insufficient method permissions

Dear Scott,

I apologize for my disturbance. I am still confused about the "myLoginConfig". In my login-config.xml, I have the following <application-policy> elements:

    <application-policy name = "client-login">
       <authentication>
          <login-module code = "org.jboss.security.ClientLoginModule"
             flag = "required">
          </login-module>
       </authentication>
    </application-policy>
    ...
    <application-policy name = "ldap">
       <authentication>
          <login-module code = "org.jboss.security.auth.spi.LdapLoginModule" flag = "required">
             <module-option name = "java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
             <module-option name = "java.naming.provider.url">ldap://uranus:389/</module-option>
             <module-option name = "java.naming.security.authentication">simple</module-option>
             <module-option name = "principalDNPrefix">cn=</module-option>
             <module-option name = "principalDNSuffix">,o=SGC,c=VN</module-option>
             <module-option name = "uidAttributeID">userid</module-option>
             <module-option name = "roleAttributeID">roles</module-option>
             <module-option name = "rolesCtxDN">o=SGC,c=VN</module-option>
             <module-option name = "matchOnUserDN">false</module-option>
             <module-option name = "unauthenticatedIdentity">nobody</module-option>
          </login-module>
       </authentication>
    </application-policy>

And when I run the piece of code as you told me:
      Properties env = new Properties();
      env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.LoginInitialContextFactory");
      env.setProperty(Context.PROVIDER_URL, "jnp://uranus:1099/");
      env.setProperty(Context.SECURITY_CREDENTIALS, "administrator");
      env.setProperty(Context.SECURITY_PRINCIPAL, "administrator");
      env.setProperty(Context.SECURITY_PROTOCOL, "ldap");
      Context context = new InitialContext(env);
I get the exception:
java.lang.SecurityException: Unable to locate a login configuration
        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
        at java.lang.Class.newInstance0(Class.java:306)
        at java.lang.Class.newInstance(Class.java:259)
        at javax.security.auth.login.Configuration$3.run(Configuration.java:221)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:215)
        at javax.security.auth.login.LoginContext$1.run(LoginContext.java:170)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.init(LoginContext.java:167)
        at javax.security.auth.login.LoginContext.<init>(LoginContext.java:404)
        at org.jboss.security.jndi.LoginInitialContextFactory.getInitialContext(LoginInitialContextFactory.java:63)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
        at javax.naming.InitialContext.init(InitialContext.java:219)
        at javax.naming.InitialContext.<init>(InitialContext.java:195)
        at com.sdc.sgc.test.Test.start(Test.java:36)
        at com.sdc.sgc.test.Test.main(Test.java:25)
Caused by: java.io.IOException: Unable to locate a login configuration
        at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95)
        ... 20 more

Because in my deployment descriptor file - jboss.xml - I use java:/jaas/ldap for the security domain, I set the env property

      env.setProperty(Context.SECURITY_PROTOCOL, "ldap");
The problem is also the same when I use "client-login" instead of "ldap".

Best regards
Quan

-----Original Message-----
From: Scott M Stark [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 01, 2003 8:59 PM
To: [EMAIL PROTECTED]
Subject: Re: [JBoss-user] Insufficient method permissions

Our default login mechanism is not through the JNDI InitialContext. If
you want to do that you need to use the
org.jboss.security.jndi.LoginInitialContextFactory:

      Properties env = new Properties();
      // Try with a login that should succeed
      env.setProperty(Context.INITIAL_CONTEXT_FACTORY,
            "org.jboss.security.jndi.LoginInitialContextFactory");
      env.setProperty(Context.PROVIDER_URL, "jnp://localhost:1099/");
      env.setProperty(Context.SECURITY_CREDENTIALS, "theduke");
      env.setProperty(Context.SECURITY_PRINCIPAL, "jduke");
      env.setProperty(Context.SECURITY_PROTOCOL, "myLoginConfig");

where myLoginConfig is a JAAS login configuration that has at least the
JBoss ClientLogin module.

--
xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx

Pham Thanh Quan wrote:

> Hi all,
>
> When I run the following piece of code:
>
>       Properties properties = new Properties();
>       properties.put("java.naming.provider.url", url);
>       properties.put("java.naming.factory.initial", jndiContextClass);
>       properties.setProperty(Context.SECURITY_PRINCIPAL, "administrator");
>       properties.setProperty(Context.SECURITY_CREDENTIALS, "administrator");
>       Context context = new InitialContext(properties);
>       PromotionInfoManagerHome promotionInfoManagerHome =
>             (PromotionInfoManagerHome) context.lookup("PromotionInfoManager");
>       PromotionInfoManager promotionInfoManager =
>             promotionInfoManagerHome.create();
>       PromotionProgramValue promotionProgramValue = new
>             PromotionProgramValue("test", "test", "published", null, false);
>       promotionInfoManager.createPromotionProgram(promotionProgramValue);
>
> I get the following exception:
>
> java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
>               java.rmi.ServerException: EJBException:; nested exception is:
>               javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
>               Insufficient method permissions, principal=null, method=createPromotionProgram, interface=REMOTE, requiredRoles=[Administrator, SystemUser], principalRoles=[]
> …
>
> Although the account I used above (username=administrator,
> password=administrator, and its role is “Administrator”) is a valid
> account, when I use that account to log in from my web server, and then
> call the method of the bean above, everything is OK. Please tell me what
> the problem is.
>
> Thanks and regards
>
> Quan




_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
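
Added example, not part of the original thread and not JBoss code: the trace above fails inside the JDK's default file-based JAAS Configuration, in the client JVM, when LoginInitialContextFactory constructs its LoginContext. The check below tests whether the client JVM can resolve a JAAS entry name and installs an in-memory entry for org.jboss.security.ClientLoginModule. The class names ClientJaasConfigCheck and SingleEntryConfiguration are hypothetical, and using "client-login" as the client-side entry name is an assumption.

```java
import java.util.Collections;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

public class ClientJaasConfigCheck {

    /** In-memory JAAS configuration with a single entry (hypothetical helper). */
    static final class SingleEntryConfiguration extends Configuration {
        private final String entryName;

        SingleEntryConfiguration(String entryName) {
            this.entryName = entryName;
        }

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            if (!entryName.equals(name)) {
                return null; // entry not defined in this configuration
            }
            return new AppConfigurationEntry[] {
                new AppConfigurationEntry(
                    "org.jboss.security.ClientLoginModule", // module class named on the page
                    LoginModuleControlFlag.REQUIRED,
                    Collections.<String, Object>emptyMap())
            };
        }
    }

    /** True when the JAAS Configuration installed in this JVM defines the named entry. */
    static boolean canResolve(String name) {
        try {
            AppConfigurationEntry[] entries =
                Configuration.getConfiguration().getAppConfigurationEntry(name);
            return entries != null && entries.length > 0; // null: entry is not defined
        } catch (SecurityException e) {
            // Failure shown in the trace: no login configuration source was located.
            return false;
        }
    }

    public static void main(String[] args) {
        String entry = "client-login"; // assumed name; must match Context.SECURITY_PROTOCOL
        System.out.println("java.security.auth.login.config = "
            + System.getProperty("java.security.auth.login.config"));
        System.out.println("resolvable before install: " + canResolve(entry));
        Configuration.setConfiguration(new SingleEntryConfiguration(entry));
        System.out.println("resolvable after install:  " + canResolve(entry));
    }
}
```

The configuration has to be installed before new InitialContext(env) is called, and the JBoss client classes must be on the classpath for the login itself to load the module.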