[JBoss-user] [Security & JAAS/JBoss] - Re: Problem with roles: principalRoles=null
This has been fixed in the 4.0.1RC2 release so retest with that.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3857454#3857454

JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user

[JBoss-user] [Security & JAAS/JBoss] - Re: Problem with roles: principalRoles=null
Try to put the ClientLoginModule as the last module in your config file.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3857168#3857168

[JBoss-user] [Security & JAAS/JBoss] - Re: Problem with roles: principalRoles=null
Hello scott, hello robuttera,

I experience the same problem. I try to use a protected method in an ejb but it seems the roles are not set properly. Here is the stack trace ...

|
| 14:01:36,254 INFO [STDOUT] fnowak
| 14:01:36,254 INFO [STDOUT] ROLES(members:moderator,administrator,user)
|
| 14:01:36,264 ERROR [SecurityInterceptor] Insufficient method permissions, principal=fnowak, method=deleteNews, interface=LOCAL, requiredRoles=[administrator, root, server, moderator], principalRoles=null
| 14:01:36,264 ERROR [LogInterceptor] EJBException in method: public abstract void com.holomind.ejb.communication.CommunicationAgentLocal.deleteNews(com.holomind.ejb.communication.CommunicationNewsData) throws com.holomind.ejb.communication.CommunicationException, causedBy:
| java.lang.SecurityException: Insufficient method permissions, principal=fnowak, method=deleteNews, interface=LOCAL, requiredRoles=[administrator, root, server, moderator], principalRoles=null
|     at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:219)
|     at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:118)
|     at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)
|     at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
|     at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
|     at org.jboss.ejb.Container.invoke(Container.java:854)
|     at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:413)
|     at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:82)
|     at $Proxy134.deleteNews(Unknown Source)
|     at com.holomind.cocoon.communication.acting.DeleteNewsAction.act(DeleteNewsAction.java:62)
| ...
|

I use the Jaas API to log JBoss 4.0.0. I set up the servlet filter shown in tutorial on Jaas. So I keep the login context in a session attribute and print its content just before using the protected method. (see before)

Here is the login configuration I use (I do not use an unauthenticatedIdentity) :

| | | | | | jboss.jca.service=LocalTxCM,name=MySqlDS | java:/MySqlDS | | // skipped for brevity | | | // skipped for brevity | | | | |

An

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3855193#3855193

[JBoss-user] [Security & JAAS/JBoss] - Re: Problem with roles: principalRoles=null
On JBoss 4.0.0 it was occurring sporadically, however in JBoss 4.0.1R1 it was occurring on every request. Yes, if I revert my configuration and change the logging settings, I can see the roles just before the exception is thrown:

| 2004-11-12 00:12:57,510 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] User 'cam' authenticated, loginOk=true
| 2004-11-12 00:12:57,510 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] commit, loginOk=true
| 2004-11-12 00:12:57,510 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] updateCache, subject=Subject:
|     Principal: cam
|     Principal: Roles(members:Administrator)
|
| 2004-11-12 00:12:57,520 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] logout
| 2004-11-12 00:12:57,520 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Insufficient method permissions, principal=cam, method=create, interface=HOME, requiredRoles=[Administrator, User], principalRoles=null

Am still not sure however, why this occurs when the ClientLoginModule is included in the application policy and why it disappears when it is removed.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3854825#3854825

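Added example, not part of the thread and not JBoss code: a small log correlator that separates the two explanations discussed here for `principalRoles=null`, namely roles that were loaded at login and then missing at the EJB check versus a principal with no role mapping at all. The function name, the verdict labels and the `bob` log lines are assumptions made for illustration; the line shapes follow the TRACE and ERROR output quoted above.

```python
import re

PRINCIPAL = re.compile(r"^\s*Principal: (.+?)\s*$")
GROUP = re.compile(r"^(\w+)\(members:(.*)\)$")   # e.g. Roles(members:Administrator)
DENIED = re.compile(
    r"SecurityInterceptor\] Insufficient method permissions, "
    r"principal=(?P<user>[^,]+), method=(?P<method>[^,]+), "
    r".*requiredRoles=\[(?P<req>[^\]]*)\], principalRoles=null")
def split_roles(text):
    return {r.strip() for r in text.split(",") if r.strip()}

def classify_denials(lines):
    """Return (principal, method, verdict) per principalRoles=null denial."""
    cached, in_subject, user, findings = {}, False, None, []
    for line in lines:
        if "updateCache, subject=Subject:" in line:
            in_subject, user = True, None      # Principal lines follow
            continue
        m = PRINCIPAL.match(line) if in_subject else None
        if m:
            g = GROUP.match(m.group(1))
            if g is None:                      # plain user principal
                user = m.group(1)
                cached.setdefault(user, set())
            elif g.group(1) == "Roles" and user:
                cached[user] = split_roles(g.group(2))
            continue
        in_subject = False
        d = DENIED.search(line)
        if d:
            had = cached.get(d.group("user"), set())
            # dropped = login yielded a required role, yet the check saw none
            verdict = ("roles-dropped" if had & split_roles(d.group("req"))
                       else "role-mismatch" if had else "no-roles-mapped")
            findings.append((d.group("user"), d.group("method"), verdict))
    return findings

# Constructed sample: 'cam' mirrors the thread's log, 'bob' is invented.
SAMPLE = """\
2004-11-12 00:12:57,510 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] updateCache, subject=Subject:
\tPrincipal: cam
\tPrincipal: Roles(members:Administrator)
2004-11-12 00:12:57,520 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Insufficient method permissions, principal=cam, method=create, interface=HOME, requiredRoles=[Administrator, User], principalRoles=null
2004-11-12 00:13:02,100 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] updateCache, subject=Subject:
\tPrincipal: bob
2004-11-12 00:13:02,110 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Insufficient method permissions, principal=bob, method=create, interface=HOME, requiredRoles=[Administrator, User], principalRoles=null
"""
if __name__ == "__main__":
    print(classify_denials(SAMPLE.splitlines()))
```

A `roles-dropped` verdict points at the container or login-module ordering rather than the roles file; `no-roles-mapped` is the case where checking which properties file was picked up is the first step.
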
[JBoss-user] [Security & JAAS/JBoss] - Re: Problem with roles: principalRoles=null
Hmm.. this seems very similar to the problem I'm seeing. Does it work sometimes and not others? If you add: | | | | | | to your log4j.xml, can you see that initially there IS in fact a bunch of roles?

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3854644#3854644

[JBoss-user] [Security & JAAS/JBoss] - Re: Problem with roles: principalRoles=null
principal=cam has no roles assigned. The roles.properties file must not contain any mappings for this principal. To be sure of what properties file is being picked up you should define properties files unique to the login configuration as shown here:

| | | | esubmit-users.properties | esubmit-roles.properties | | | |

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3854309#3854309

[JBoss-user] [Security & JAAS/JBoss] - Re: Problem with roles: principalRoles=null
Apologies, here is the rest of the post:

ejb-jar (cont)
User Administrator Administrator User SubjectFacade * ...

web.xml --
action Restricted area /pages/* HEAD GET POST PUT DELETE Administrator User no description NONE BASIC esubmit Admin user Administrator Regular user User

jboss.xml ---
java:/jaas/esubmit SubjectFacade ejb/SubjectFacade ...

login-config.xml ---
nobody

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3854183#3854183