[jboss-user] [Security] - Re: java.lang.SecurityException: Denied: caller with subject
sangeetha.gold
do-not-reply at jboss.com
Fri Nov 6 08:12:43 EST 2009
Hi,
Thanks for the reply! As you suggested, I have rolled back the changes that I made in security-policies-jboss-beans.xml. Now this file is as it comes in the JBoss installation. I am not building a new application; this is an old application developed in EJB 1.1. [Is it required to upgrade to EJB 3.0? I didn't think it's required.] Now the jboss.xml in "ejb-jar"/META-INF looks as follows:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 5.0//EN" "http://www.jboss.org/j2ee/dtd/jboss_5_0.dtd">
    <security-domain>java:/jaas/UIdPSso</security-domain>
    <enterprise-beans>
        <ejb-name>DsBean</ejb-name>
        <jndi-name>DsBean</jndi-name>
    </enterprise-beans>
I could see from the log that it's making a call to the CustomLoginModule & getting the Subject. But it's throwing java.lang.SecurityException. But I am able to access unprotected EJBs and the protected servlet.
Just for your reference from the log file:
java.lang.SecurityException: Denied: caller with subject=Subject:
Principal: jaasuser
Principal: Roles(members:DSBeanRole,ProtectedServletGroup,ValidUser,jaasrole)
Principal: CallerPrincipal(members:jaasuser)
and security context post-mapping roles=Roles(DSBeanRole,ProtectedServletGroup,ValidUser,jaasrole,).
Is it that I need the caller subject to EJBContext in my Servlet, or do I need to define some policy file to give permission? If yes, could you please let me know how to set it.
Thanks & Regards,
Sangeetha
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4264332#4264332