[jboss-user] [Security] - Issue in JAAS - EJB3 declarative security
new2Security
do-not-reply at jboss.com
Thu Sep 3 17:54:45 EDT 2009
I 'm running into an issue in EJB3 declarative security in JBoss 4.2.0.
Here is my scenario.
1. I have 3 EJB3 beans (let us call it as ClientEJB, LoginEJB and TestBean
2. ClientEJB needs to call LoginEJB to validate login. Upon successful login (using LoginContext.login()) I would like user's context set to the jBoss container).
3. Now ClientEJB needs to call TestBean. TestBean has certain methods in which I have following annotations
@RolesAllowed ({"test"}) // to allow method access to user's with "test" role
4. But for some reasons I keep getting
ERROR [RoleBasedAuthorizationInterceptor] Insufficient permissions, principal=null, requiredRoles=[test], principalRoles=[]
javax.ejb.EJBAccessException: Authorization failure
at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptor.invoke(RoleBasedAuthorizationInterceptor.java:113)
5. I was expecting the role which was set in LoginBean inturn propogates to TestBean.
Can some one help me with this?
Thanks in advance.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4253437#4253437
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4253437
More information about the jboss-user
mailing list