On Jan 7, 2009, at 5:17 PM, Marcin Kwapisz wrote:
Hi,
I cannot override security annotations in OpenEJB3 (the same
concerns OpenEJB3.1). In the following example I cannot call
createStudent with role SysAdmin. When I remove the security annotation,
I can call createStudent only with role SysAdmin. That means that I
can set method permissions in ejb-jar.xml but not override them.
--LOG--
INFO: The transaction has been marked rollback only because the bean encountered a non-application exception :javax.ejb.EJBAccessException : Unauthorized Access by Principal Denied
--LOG--
Is something wrong with my code or with OpenEJB? Can you help me
solve this problem?
I use OpenEJB for unit testing. The application is deployed on a Glassfish
server, and method permissions are correctly set there.
--EJB--
@RolesAllowed({"StudentAdmin"})
public void createStudent....
--sun-ejb.jar--
<assembly-descriptor>
  <security-role>
    <role-name>SysAdmin</role-name>
  </security-role>
  <method-permission>
    <role-name>SysAdmin</role-name>
    <method>
      <ejb-name>StudentEndpoint</ejb-name>
      <method-name>createStudent</method-name>
    </method>
  </method-permission>
</assembly-descriptor>

Hi Marcin,
Just as a quick way to verify there isn't something else going on,
paste the debug info for your security attributes. In OpenEJB 3.1
there's a new log category where we print all of the method attributes
on debug.
In your test case you can turn it on by adding this to your
InitialContext properties:
properties.setProperty("log4j.category.OpenEJB.startup.attributes", "DEBUG");
Then you should see some log lines in the output that start with
"Security Attribute: ...". Paste all of them or the ones that apply
to StudentEndpoint. Should help us see exactly what the attributes
are after all the overriding, etc.
-David