[jboss-user] [Security] - JBoss JAAS Authorization Exception

akhilachuthan do-not-reply at jboss.com
Thu Oct 29 09:07:23 EDT 2009


My piece of code is accessing EJB session methods that have roles defined on them. But it's quite strange to see that a few of those do not allow access even when there are enough roles associated with the calling principal.

Below is the log for the error. Here my session bean method is protected with a role named DEFAULT_ROLE_FOR_SERVER. The calling principal has it too, but is still denied access. Any idea?




2009-10-29 15:47:13,156 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (Thread-51:) [Error]Source=org.jboss.security.plugins.javaee.EJBAuthorizationHelper;Exception:=Authorization Failed: null;Resource:=[org.jboss.security.authorization.resources.EJBResource:contextMap={policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@303418}:method=public final com.test.nms.server.protocol.manager.datamodel.Snmpv2c com.test.nms.server.protocol.manager.ProtocolFacade.getProtocol(long) throws java.lang.Exception:ejbMethodInterface=Local:ejbName=ProtocolFacade:ejbPrincipal=defaultuser:MethodRoles=Roles(DEFAULT_ROLE_FOR_SERVER,):securityRoleReferences=null:callerSubject=Subject:
	Principal: defaultuser
	Principal: Roles(members:FAU_ALM_VIEW_ANNOTATE,PERF_TASK_SCHEDULE,INVENTORY_MGMT,RSTR_DATABASE_ADMIN,DEV_GROUP_ADD,LINK_VIEW,FAU_SYSLOGS_EXPORT,CONF_TEMP_SCH_START,CONF_DISC_TRIG,CONF_TEMP_MAINT,CONF_FTP_SERVER_ADD,CONF_SOFT_MAINT_MOD,CONF_SOFT_MAINT_VIEW,CONF_DISC_TRIG_DEL,FAU,FAU_ALM_SUMM,CONF_TEMP_EXEC,FAU_ALM_DETAILS,FAU_SYS_LOGS_PURGE_EDIT,FAU_ALM_EMAILPUB,GEN_MAIL_SERVER_MOD,FAU_ALM_VIEW_PRINT,SECURITY_MGR_TREE,BACKUP_DATABASE_ADMIN_SCHEDULE,FAU_ALM,FAU_ALM_PURGE_EDIT,SEC_MOD_USR_CHG_ADMIN,TOOLS_MIB,CONF_TEMP_MAINT_COPY,CONF_FTP_SERVER_VIEW,FAU_SYSPAR_VIEW_ADD,CONF_ALM_TRIG_MOD,GEN,PERF_REP_VIEW,FAU_ALM_VIEW_EXPORT,FAU_LOGS_EXPORT,CONF_TEMP_SCH_ADD,DEV_EDIT,GOOGLE_MAP_SETTINGS,DEV_VIEW_DETAILS,PERF_TASK_TEMPLATE,SEC_MOD_USER,FAU_ALM_ARCHIVE_SERVER,SEC_ADD_USER,LINK_ADD,FAU_LOGS_VIEW,FAU_SYSPAR_VIEW,MODIFY_TOPO_DIAGRAM,CONF_ALM_TRIG,FAU_LOGS_ARCHIVE_SERVER,CONF_SOFT_SCH_START,CONF_ALM_TRIG_ADD,SEC_USER_AUDIT_VIEW,FAU_SYS_LOGS_PURGE_VIEW,FAU_PAR_VIEW_MOD,DEL_TOPO_DIAGRAM,LOGIN,FAU_MANAGE,CONF_ALM_TRIG_VIEW,CONF_SOFT_MAINT,GEN_MAIL_SERVER_VIEW,SEC_VIEW_USER,FAU_ALM_VIEW_ACK,FAU_ALM_PAGERPUB_FLTR,CONF_DISC_TRIG_ASSOCIATE_FIL,CONF_SOFT_SCH_ADD,BACKUP_DATABASE_ADMIN_VIEW,CONF_TEMPLATE,FAU_ALM_PAGERPUB,CONF_ALM_TRIG_DEL,CONF_SOFT_SCH_DEL,CONF_TEMP_SCH_STOP,FAU_LOGS_PRINT,DEFAULT_ROLE_FOR_SERVER,ADMINISTRATION,PERF_TASK_SCH_DEL,FAU_LOGS_PURGE_EDIT,CONF_SOFT_MAINT_OBS,PERF_REP_SCH_VIEW,FAU_ALM_PURGE_VIEW,CONF_TEMP_SCH_MOD,PERF_TASK_SCH_VIEW,PERF_TASK_SCH_STARTSTOP,FAU_SYSLOGS_VIEW,PERF_THR_MOD,FAU_PARSER,FAU_ALM_EMAILPUB_FLTR,PERF_USER_TASK,DISC_DEL_NWK,PERF_THR_ADD,CONF_TEMP_MAINT_DEL,GEN_SNMP_MOD,CONF_FTP_SERVER_DEL,PERF_TASK_TEMP_MOD,FAU_ALM_SNMPPUB,FAU_ALM_VIEW,BACKUP_DATABASE_ADMIN_SCH_VIEW,CONF_TEMP_SCH,CONF_AUDIT_TRAILS_VIEW,SEC_USER,BACKUP_DATABASE_ADMIN_DEL,DEV_GROUP_EDIT,SEC_DEL_GRP,FAU_ALM_SNMPPUB_FLTR,CONF_SOFT_MAINT_DEL,FAU_ALM_SNMPPUB_DEL,FAU_ALM_EMAILPUB_MOD,CONF_TEMP_MAINT_VIEW,CONF_FTP_SERVER,PERF_DASHBOARD_MOD,PERF_REP_VIEW_OUTAGE_REP,CONF_TEMP_SCH_V
IEW,FAU_ALM_PAGERPUB_DEL,FAU_ALM_VIEW_DEL,FAU_PAR_VIEW_DEL,LINK_DELETE,PERF_TASK_SCH_ADD,PERF,DISC_CONF_MOD,DISC_ADD_NWK,FAU_ALM_SNMPPUB_MOD,FAU_SYSPAR,FAU_ALM_ARCHIVE,FAU_SYSLOGS_PRINT,FAU_LOGS_ARCHIVE,DISC_MOD_NWK,DISC_START,FAU_ALM_PAGERPUB_ADD,CONF_FTP_SERVER_MOD,PERF_THR,FAU_PAR,GEN_SNMP_VIEW,FAU_SYSPAR_VIEW_MOD,PERF_DASHBOARD_SYS_REACH,CONF_TEMP_MAINT_IMPORT,CONF_TEMP_SCH_DEL,ADD_NEW_TOPO_DIAGRAM,CONF_AUDIT_TRAILS_EXPORT,DEV_GROUP_DELETE,CONF_AUDIT_TRAILS,TOOLS_TELNET,CONF_SOFT_MAINT_ADD,CONF_SOFT_SCH_VIEW,SEC_AUDIT_CONFIG_MOD,CONF_TEMP_MAINT_ADD,BACKUP_DATABASE_ADMIN,GEN_SEV_CLR_VIEW,SYS_CONF,CONF_DISC_TRIG_ADD,SEC_DEL_USER,DEV_GROUP_DETAILS,FAU_ALM_GEN_REP,TOPO,FAU_LOGS_PURGE_VIEW,DEV_NEREMARKS_VIEW_ADD,FAU_ALM_EMAILPUB_ADD,CONF_DISC_TRIG_MOD,CONF_TEMP_MAINT_MOD,DISC_VIEW_PROG,CONF_SOFT_SCH_STOP,SECURITY_LOGIN,PERF_REP_VIEW_HIST_STAT,PERF_TASK_TEMP_ADD,FAU_PAR_VIEW_ADD,EMS_MGMT,TOOLS,GEN_SEV_CLR_VIEW_MOD,TOPO_GOOGLE_MAP_VIEW,FAU_ALM_VIEW_OWNER,PERF_THR_VIEW,FAU_ALM_ARCHIVE_LOCAL,DEV_NEREMARKS_VIEW,FAU_ALM_EMAILPUB_DEL,SEC_GRP,LOGOFF,FAU_PAR_VIEW,PERF_DASHBOARD_VIEW,DEV_ADD,FAU_SYSPAR_VIEW_DEL,DEV_DELETE,VIEW_LINK,CONF_SOFT_SCH_MOD,BACKUP_DATABASE_FTP_REASSIGN,TOOLS_CLR,CONF_TEMP_MAINT_OBS,SEC_MOD_USR_CHG_GENERAL,DEV_POSITION,CONF_TEMP_SCH_COPY,FAU_ALM_VIEW_CLR,PERF_TASK_TEMP_DEL,CONF_DISCOVERY,SEC_KILL_USER,PERF_TASK_SCH_MOD,PERF_DASHBOARD_DEL,BACKUP_DATABASE_ADMIN_USR_TRIG,SEC_MOD_GRP,DISC_VIEW_NWK,SEC_AUDIT_CONFIG_VIEW,GOOGLE_MAP_DELETE_LOCATION,TOPO_FTP_REASSIGN,FAU_LOGS_ARCHIVE_LOCAL,PERF_DASHBOARD_ADD,PERF_TASK_TEMP_VIEW,PERF_THR_DEL,DEV_TELNET,PERF_DAT_COLL_VIEW_ADD,SEC_VIEW_GRP,FAU_SYSLOGS,CONF_SOFT_SCH,FAU_LOGS,SECURITY_MGR,PERF_DASHBOARD_PM_STATS,NETWORK_TOPO_DIAGRAM,CONF_SOFT_SCH_COPY,CONF_TEMP_MAINT_EXPORT,FAU_ALM_PAGERPUB_MOD,SEC_MAG_DEV,SEC_ADD_GRP,DISC,PERF_REP_VIEW_REAL_STAT,DEFAULT_ROLE_FOR_CLIENT,CONF_SOFTWARE,DISC_STOP,FAU_ALM_SNMPPUB_ADD,SEC_GRP_MOD_FUN_ACC,DATABASE_ADMINISTRATION,GOOGLE_MAP_SAVE_LOCATION,CONF)
:callerRunAs=null:callerRunAs=null:ejbRestrictionEnforcement=false:ejbVersion=null];policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@303418;

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262945#4262945
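
Added example, not part of the original post and not JBoss code: a small parser for the LogAuditProvider record above that extracts MethodRoles and the caller's role group and checks whether they intersect, which is the comparison the poster made by eye. The sample record is constructed and shortened; the function names and verdict strings are assumptions of this example.

```python
import re

# Constructed, shortened record in the field layout of the audit line above;
# the role list is trimmed and one role is hard-wrapped the way the archive wraps.
SAMPLE = (
    "Exception:=Authorization Failed: null;Resource:=[ejbName=ProtocolFacade:"
    "ejbPrincipal=defaultuser:MethodRoles=Roles(DEFAULT_ROLE_FOR_SERVER,):"
    "securityRoleReferences=null:callerSubject=Subject:\n"
    "\tPrincipal: defaultuser\n"
    "\tPrincipal: Roles(members:LOGIN,FAU_ALM_V\nIEW,DEFAULT_ROLE_FOR_SERVER,TOOLS)\n"
    ":callerRunAs=null:ejbRestrictionEnforcement=false:ejbVersion=null];"
)

def _roles(match):
    """Turn a captured 'A,B,C,' list into a set, dropping wrap whitespace."""
    if match is None:
        return set()
    flat = re.sub(r"\s+", "", match.group(1))  # role names contain no whitespace
    return {r for r in flat.split(",") if r}

def parse_audit_record(record):
    """Extract what the authorization decision was evaluated against."""
    fields = dict(re.findall(
        r"(ejbName|ejbPrincipal|callerRunAs|ejbRestrictionEnforcement)=([^:\];\s]*)",
        record))
    required = _roles(re.search(r"MethodRoles=Roles\((.*?)\)", record, re.S))
    caller = _roles(re.search(r"Principal: Roles\(members:(.*?)\)", record, re.S))
    return {"fields": fields, "required": required, "caller": caller,
            "matched": required & caller}

def triage(record):
    """An EJB method permission is satisfied by any one of the listed roles."""
    rec = parse_audit_record(record)
    if not rec["required"]:
        return "no-method-roles-in-record"
    if rec["matched"]:
        return "required-role-present"
    return "required-role-missing"

if __name__ == "__main__":
    rec = parse_audit_record(SAMPLE)
    print(rec["fields"], sorted(rec["matched"]), triage(SAMPLE))
```

A "required-role-present" verdict on a record that still reports "Authorization Failed" means the role lists shown in the record do not by themselves explain the denial.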