Hello scott, hello robuttera, I experience the same problem. I try to use a protected method in an ejb but it seems the roles are not set properly.
Here is the stack trace ... | | 14:01:36,254 INFO [STDOUT] fnowak | 14:01:36,254 INFO [STDOUT] ROLES(members:moderator,administrator,user) | | 14:01:36,264 ERROR [SecurityInterceptor] Insufficient method permissions, principal=fnowak, method=deleteNews, interface=LOCAL, requiredRoles=[administrator, root, server, moderator], principalRoles=null | 14:01:36,264 ERROR [LogInterceptor] EJBException in method: public abstract void com.holomind.ejb.communication.CommunicationAgentLocal.deleteNews(com.holomind.ejb.communication.CommunicationNewsData) throws com.holomind.ejb.communication.CommunicationException, causedBy: | java.lang.SecurityException: Insufficient method permissions, principal=fnowak, method=deleteNews, interface=LOCAL, requiredRoles=[administrator, root, server, moderator], principalRoles=null | at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:219) | at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:118) | at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191) | at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122) | at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624) | at org.jboss.ejb.Container.invoke(Container.java:854) | at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:413) | at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:82) | at $Proxy134.deleteNews(Unknown Source) | at com.holomind.cocoon.communication.acting.DeleteNewsAction.act(DeleteNewsAction.java:62) | ... | | I use the Jaas API to log JBoss 4.0.0. I set up the servlet filter shown in tutorial on Jaas. So I keep the login context in a session attribute and print its content just before using the protected method. (see before) Here is the login configuration i use (i do not use an unauthenticatedIdentity) : | <application-policy name="other"> | <authentication> | <login-module | code = "org.jboss.security.ClientLoginModule" flag = "required"> | </login-module> | <login-module | code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> | <module-option name="managedConnectionFactoryName">jboss.jca.service=LocalTxCM,name=MySqlDS</module-option> | <module-option name="dsJndiName">java:/MySqlDS</module-option> | <module-option name="principalsQuery"> | // skipped for brievty | </module-option> | <module-option name="rolesQuery"> | // skipped for brievty | </module-option> | </login-module> | </authentication> | </application-policy> | An View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3855193#3855193 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3855193 ------------------------------------------------------- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user