[jboss-user] [Security] - Re: java.lang.SecurityException: Denied: caller with subject

sangeetha.gold do-not-reply at jboss.com
Fri Nov 6 08:12:43 EST 2009


Hi,

Thanks for the reply! As you suggested, I have rolled back the changes that I made in security-policies-jboss-beans.xml. Now this file is as it ships in the JBoss installation. I am not building a new application; this is an old application developed in EJB 1.1. [Is it required to upgrade to EJB 3.0? I didn't think it is required.] Now the jboss.xml in "ejb-jar"/META-INF looks as follows:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 5.0//EN" "http://www.jboss.org/j2ee/dtd/jboss_5_0.dtd">
<jboss>
	<security-domain>java:/jaas/UIdPSso</security-domain>
	<enterprise-beans>
		
			<ejb-name>DsBean</ejb-name>
			<jndi-name>DsBean</jndi-name>
		
	</enterprise-beans>
</jboss>

I could see from the log that it's making a call to the CustomLoginModule and getting the Subject. But it's throwing java.lang.SecurityException. But I am able to access unprotected EJBs and the protected servlet.

Just for your reference from the log file:
java.lang.SecurityException: Denied: caller with subject=Subject: 
Principal: jaasuser 
Principal: Roles(members:DSBeanRole,ProtectedServletGroup,ValidUser,jaasrole) 
Principal: CallerPrincipal(members:jaasuser) 
and security context post-mapping roles=Roles(DSBeanRole,ProtectedServletGroup,ValidUser,jaasrole,).

Is it that I need the caller subject to EJBContext in my Servlet, or do I need to define some policy file to give permission? If yes, could you please let me know how to set it.

Thanks & Regards,
Sangeetha

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4264332#4264332
