my piece of code is accessing ejb session methods that has roles defined to it. But its
quite strange to see that a few of those does not allow access even when there is enough
roles associated with the calling principal..
below is the log for the error. Here my session bean method is protected with a role named
DEFAULT_ROLE_FOR_SERVER. The calling principal has it too, but is still denied access..
Any idea????
2009-10-29 15:47:13,156 TRACE [org.jboss.security.audit.providers.LogAuditProvider]
(Thread-51:)
[Error]Source=org.jboss.security.plugins.javaee.EJBAuthorizationHelper;Exception:=Authorization
Failed:
null;Resource:=[org.jboss.security.authorization.resources.EJBResource:contextMap={policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@303418}:method=public
final com.test.nms.server.protocol.manager.datamodel.Snmpv2c
com.test.nms.server.protocol.manager.ProtocolFacade.getProtocol(long) throws
java.lang.Exception:ejbMethodInterface=Local:ejbName=ProtocolFacade:ejbPrincipal=defaultuser:MethodRoles=Roles(DEFAULT_ROLE_FOR_SERVER,):securityRoleReferences=null:callerSubject=Subject:
Principal: defaultuser
Principal:
Roles(members:FAU_ALM_VIEW_ANNOTATE,PERF_TASK_SCHEDULE,INVENTORY_MGMT,RSTR_DATABASE_ADMIN,DEV_GROUP_ADD,LINK_VIEW,FAU_SYSLOGS_EXPORT,CONF_TEMP_SCH_START,CONF_DISC_TRIG,CONF_TEMP_MAINT,CONF_FTP_SERVER_ADD,CONF_SOFT_MAINT_MOD,CONF_SOFT_MAINT_VIEW,CONF_DISC_TRIG_DEL,FAU,FAU_ALM_SUMM,CONF_TEMP_EXEC,FAU_ALM_DETAILS,FAU_SYS_LOGS_PURGE_EDIT,FAU_ALM_EMAILPUB,GEN_MAIL_SERVER_MOD,FAU_ALM_VIEW_PRINT,SECURITY_MGR_TREE,BACKUP_DATABASE_ADMIN_SCHEDULE,FAU_ALM,FAU_ALM_PURGE_EDIT,SEC_MOD_USR_CHG_ADMIN,TOOLS_MIB,CONF_TEMP_MAINT_COPY,CONF_FTP_SERVER_VIEW,FAU_SYSPAR_VIEW_ADD,CONF_ALM_TRIG_MOD,GEN,PERF_REP_VIEW,FAU_ALM_VIEW_EXPORT,FAU_LOGS_EXPORT,CONF_TEMP_SCH_ADD,DEV_EDIT,GOOGLE_MAP_SETTINGS,DEV_VIEW_DETAILS,PERF_TASK_TEMPLATE,SEC_MOD_USER,FAU_ALM_ARCHIVE_SERVER,SEC_ADD_USER,LINK_ADD,FAU_LOGS_VIEW,FAU_SYSPAR_VIEW,MODIFY_TOPO_DIAGRAM,CONF_ALM_TRIG,FAU_LOGS_ARCHIVE_SERVER,CONF_SOFT_SCH_START,CONF_ALM_TRIG_ADD,SEC_USER_AUDIT_VIEW,FAU_SYS_LOGS_PURGE_VIEW,FAU_PAR_VIEW_MOD,DEL_TOPO_DIAGRAM,LOGIN,FAU_MANAGE,CONF_ALM_TRIG_VIEW,CONF_SOFT_MAINT,GEN_MAIL_SERVER_VIEW,SEC_VIEW_USER,FAU_ALM_VIEW_ACK,FAU_ALM_PAGERPUB_FLTR,CONF_DISC_TRIG_ASSOCIATE_FIL,CONF_SOFT_SCH_ADD,BACKUP_DATABASE_ADMIN_VIEW,CONF_TEMPLATE,FAU_ALM_PAGERPUB,CONF_ALM_TRIG_DEL,CONF_SOFT_SCH_DEL,CONF_TEMP_SCH_STOP,FAU_LOGS_PRINT,DEFAULT_ROLE_FOR_SERVER,ADMINISTRATION,PERF_TASK_SCH_DEL,FAU_LOGS_PURGE_EDIT,CONF_SOFT_MAINT_OBS,PERF_REP_SCH_VIEW,FAU_ALM_PURGE_VIEW,CONF_TEMP_SCH_MOD,PERF_TASK_SCH_VIEW,PERF_TASK_SCH_STARTSTOP,FAU_SYSLOGS_VIEW,PERF_THR_MOD,FAU_PARSER,FAU_ALM_EMAILPUB_FLTR,PERF_USER_TASK,DISC_DEL_NWK,PERF_THR_ADD,CONF_TEMP_MAINT_DEL,GEN_SNMP_MOD,CONF_FTP_SERVER_DEL,PERF_TASK_TEMP_MOD,FAU_ALM_SNMPPUB,FAU_ALM_VIEW,BACKUP_DATABASE_ADMIN_SCH_VIEW,CONF_TEMP_SCH,CONF_AUDIT_TRAILS_VIEW,SEC_USER,BACKUP_DATABASE_ADMIN_DEL,DEV_GROUP_EDIT,SEC_DEL_GRP,FAU_ALM_SNMPPUB_FLTR,CONF_SOFT_MAINT_DEL,FAU_ALM_SNMPPUB_DEL,FAU_ALM_EMAILPUB_MOD,CONF_TEMP_MAINT_VIEW,CONF_FTP_SERVER,PERF_DASHBOARD_MOD,PERF_REP_VIEW_OUTAGE_REP,CONF_TEMP_SCH_VIEW,FAU_ALM_PAGERPUB_DEL,FAU_ALM_VIEW_DEL,FAU_PAR_VIEW_DEL,LINK_DELETE,PERF_TASK_SCH_ADD,PERF,DISC_CONF_MOD,DISC_ADD_NWK,FAU_ALM_SNMPPUB_MOD,FAU_SYSPAR,FAU_ALM_ARCHIVE,FAU_SYSLOGS_PRINT,FAU_LOGS_ARCHIVE,DISC_MOD_NWK,DISC_START,FAU_ALM_PAGERPUB_ADD,CONF_FTP_SERVER_MOD,PERF_THR,FAU_PAR,GEN_SNMP_VIEW,FAU_SYSPAR_VIEW_MOD,PERF_DASHBOARD_SYS_REACH,CONF_TEMP_MAINT_IMPORT,CONF_TEMP_SCH_DEL,ADD_NEW_TOPO_DIAGRAM,CONF_AUDIT_TRAILS_EXPORT,DEV_GROUP_DELETE,CONF_AUDIT_TRAILS,TOOLS_TELNET,CONF_SOFT_MAINT_ADD,CONF_SOFT_SCH_VIEW,SEC_AUDIT_CONFIG_MOD,CONF_TEMP_MAINT_ADD,BACKUP_DATABASE_ADMIN,GEN_SEV_CLR_VIEW,SYS_CONF,CONF_DISC_TRIG_ADD,SEC_DEL_USER,DEV_GROUP_DETAILS,FAU_ALM_GEN_REP,TOPO,FAU_LOGS_PURGE_VIEW,DEV_NEREMARKS_VIEW_ADD,FAU_ALM_EMAILPUB_ADD,CONF_DISC_TRIG_MOD,CONF_TEMP_MAINT_MOD,DISC_VIEW_PROG,CONF_SOFT_SCH_STOP,SECURITY_LOGIN,PERF_REP_VIEW_HIST_STAT,PERF_TASK_TEMP_ADD,FAU_PAR_VIEW_ADD,EMS_MGMT,TOOLS,GEN_SEV_CLR_VIEW_MOD,TOPO_GOOGLE_MAP_VIEW,FAU_ALM_VIEW_OWNER,PERF_THR_VIEW,FAU_ALM_ARCHIVE_LOCAL,DEV_NEREMARKS_VIEW,FAU_ALM_EMAILPUB_DEL,SEC_GRP,LOGOFF,FAU_PAR_VIEW,PERF_DASHBOARD_VIEW,DEV_ADD,FAU_SYSPAR_VIEW_DEL,DEV_DELETE,VIEW_LINK,CONF_SOFT_SCH_MOD,BACKUP_DATABASE_FTP_REASSIGN,TOOLS_CLR,CONF_TEMP_MAINT_OBS,SEC_MOD_USR_CHG_GENERAL,DEV_POSITION,CONF_TEMP_SCH_COPY,FAU_ALM_VIEW_CLR,PERF_TASK_TEMP_DEL,CONF_DISCOVERY,SEC_KILL_USER,PERF_TASK_SCH_MOD,PERF_DASHBOARD_DEL,BACKUP_DATABASE_ADMIN_USR_TRIG,SEC_MOD_GRP,DISC_VIEW_NWK,SEC_AUDIT_CONFIG_VIEW,GOOGLE_MAP_DELETE_LOCATION,TOPO_FTP_REASSIGN,FAU_LOGS_ARCHIVE_LOCAL,PERF_DASHBOARD_ADD,PERF_TASK_TEMP_VIEW,PERF_THR_DEL,DEV_TELNET,PERF_DAT_COLL_VIEW_ADD,SEC_VIEW_GRP,FAU_SYSLOGS,CONF_SOFT_SCH,FAU_LOGS,SECURITY_MGR,PERF_DASHBOARD_PM_STATS,NETWORK_TOPO_DIAGRAM,CONF_SOFT_SCH_COPY,CONF_TEMP_MAINT_EXPORT,FAU_ALM_PAGERPUB_MOD,SEC_MAG_DEV,SEC_ADD_GRP,DISC,PERF_REP_VIEW_REAL_STAT,DEFAULT_ROLE_FOR_CLIENT,CONF_SOFTWARE,DISC_STOP,FAU_ALM_SNMPPUB_ADD,SEC_GRP_MOD_FUN_ACC,DATABASE_ADMINISTRATION,GOOGLE_MAP_SAVE_LOCATION,CONF)
:callerRunAs=null:callerRunAs=null:ejbRestrictionEnforcement=false:ejbVersion=null];policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@303418;
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262945#...
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...