I'm having a similar problem. I've got a session bean with some authenticated
methods and some unchecked methods. They're correct (as far as I can tell) in
ejb-jar.xml:
|
|
|
|
|
| ScrumWorksEJB
| ServiceEndpoint
| getTest
|
|
|
|
|
|
| Team Member
|
|
| ScrumWorksEJB
| ServiceEndpoint
| getAuthenticatedTest
|
|
|
|
|
This is in the jboss.xml:
|java:/jaas/ScrumWorks
|guest
|
and my login-config.xml seems correct:
|
|
|
| java:/jdbc/ScrumWorksDS
|
| SELECT password FROM userejb WHERE userName=?
|
|
| SELECT r.roleName as name, 'Roles'
| FROM userejb u, roleejb r, userejb_roles_roleejb_users ur
| WHERE u.userId=ur.userejb AND r.roleId=ur.roleejb AND
u.userName=?
|
| guest
|
|
|
|
But when I try to call a method that is marked as "unchecked", I get a 401
error authorization failure. This seemed like a Tomcat error, so I tried
chaning the default security domain:
| java:/jaas/ScrumWorks
|
which didn't help either.
The server.log file contains:
| 2006-03-07 10:32:24,027 TRACE
[org.jboss.security.auth.spi.DatabaseServerLoginModule] Authenticating as
unauthenticatedIdentity=guest
| 2006-03-07 10:32:24,028 TRACE
[org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'guest'
authenticated, loginOk=true
| 2006-03-07 10:32:24,028 TRACE
[org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
| 2006-03-07 10:32:24,028 TRACE
[org.jboss.security.auth.spi.DatabaseServerLoginModule] getRoleSets using
rolesQuery: SELECT r.roleName as name, 'Roles'
| FROM userejb u, roleejb r, userejb_roles_roleejb_users ur
| WHERE u.userId=ur.userejb AND r.roleId=ur.roleejb AND
u.userName=?, username: guest
| 2006-03-07 10:32:24,041 TRACE
[org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
| 2006-03-07 10:32:24,041 TRACE
[org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT
r.roleName as name, 'Roles'
| FROM userejb u, roleejb r, userejb_roles_roleejb_users ur
| WHERE u.userId=ur.userejb AND r.roleId=ur.roleejb AND
u.userName=?, with username: guest
| 2006-03-07 10:32:24,085 TRACE
[org.jboss.security.auth.spi.DatabaseServerLoginModule] No roles found
| 2006-03-07 10:32:24,086 TRACE
[org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
| 2006-03-07 10:32:24,088 TRACE
[org.jboss.security.plugins.JaasSecurityManager.ScrumWorks] defaultLogin,
[EMAIL PROTECTED], subject=Subject(19164996).principals=org.jboss.securi
| [EMAIL PROTECTED](guest)[EMAIL PROTECTED](Roles(members))
| 2006-03-07 10:32:24,088 TRACE
[org.jboss.security.plugins.JaasSecurityManager.ScrumWorks] updateCache,
inputSubject=Subject(19164996)[EMAIL PROTECTED](guest)org.jboss.se
| [EMAIL PROTECTED](Roles(members)), cacheSubject=Subject(17103032)[EMAIL
PROTECTED](guest)[EMAIL PROTECTED](Roles(members))
| 2006-03-07 10:32:24,089 TRACE
[org.jboss.security.plugins.JaasSecurityManager.ScrumWorks] Inserted cache
info: [EMAIL PROTECTED](17103032).principals=o
| [EMAIL PROTECTED](guest)[EMAIL
PROTECTED](Roles(members)),credential.class=null,expirationTime=1141758128525]
| 2006-03-07 10:32:24,089 TRACE
[org.jboss.security.plugins.JaasSecurityManager.ScrumWorks] End isValid, true
| 2006-03-07 10:32:24,097 TRACE [org.jboss.security.SecurityAssociation]
pushSubjectContext, subject=Subject:
| Principal: guest
| Principal: Roles(members)
| , [EMAIL PROTECTED],subject=31392528}
| 2006-03-07 10:32:24,100 TRACE [org.jboss.security.SecurityAssociation]
pushRunAsIdentity, runAs=null
| 2006-03-07 10:32:24,122 TRACE [org.jboss.security.SecurityAssociation]
popRunAsIdentity, runAs=null
| 2006-03-07 10:32:24,122 TRACE [org.jboss.security.SecurityAssociation]
popSubjectContext, [EMAIL PROTECTED],subject=31392528}
| 2006-03-07 10:32:24,142 TRACE [org.jboss.security.SecurityAssociation]
getPrincipal, principal=null
|
and
| 2006-03-07 11:00:27,241 DEBUG
[org.apache.catalina.authenticator.AuthenticatorBase] Security checking request
POST /scrumworks-api/scrumworks
| 2006-03-07 11:00:27,242 DEBUG [org.apache.catalina.realm.RealmBase]
Checking constraint 'SecurityConstraint[ScrumWorksEndpoint]' against POST
/scrumworks --> true
| 2006-03-07 11:00:27,242 DEBUG [org.apache.catalina.realm.RealmBase]
Checking constraint 'SecurityConstraint[ScrumWorksEndpoint]' against POST
/scrumworks --> true
| 2006-03-07 11:00:27,242 DEBUG
[org.apache.catalina.authenticator.AuthenticatorBase] Calling
hasU