[JBoss-dev] JBosssx: Insufficient method permissions exception

[Darius D. <dar...@jb...>]

HI all, 

advice needed. I trying JBoss 2.3 with JDK 1.4 
everything seems fine expect JAAS sequrity.

I have my TestLoginModule extends UsernamePasswordLoginModule with overwritten login, commit and getRoleSets(). 
When i trace JBoss application i getting such log:
TestLoginModule::login (with caller principal Tester)
TestLoginModule::commit (with caller principal Tester)
TestLoginModule::getIdentity()
TestLoginModule::getRoleSets()
JaasSecurityManager::doesUserHaveRole returns false. Here callerPrincipal is OK (Tester)  but roles = info.roles returns null and info.callerPrincipal returns 
null too.

How it can be? Maybe some default configurations changed for Jboss 2.3

My test configurations:

In my jboss.xml i have 
<jboss>
	<container-configurations>

	<container-configuration>
		<container-name>Standard Stateless SessionBean</container-name>
		<role-mapping-manager>java:/jaas/other</role-mapping-manager>
		<authentication-module>java:/jaas/other</authentication-module>
		</container-configuration>

		<container-configuration>
			<container-name>Standard BMP EntityBean</container-name>
			<role-mapping-manager>java:/jaas/other</role-mapping-manager>
			<authentication-module>java:/jaas/other</authentication-module>
		</container-configuration>

	</container-configurations>
....

in EJB-jar.xml i have
    <assembly-descriptor>
      <security-role>
          <role-name>all</role-name>
      </security-role>
      
        <method-permission>
            <role-name>all</role-name>
            <method>
                <ejb-name>EMailManager</ejb-name>
                <method-name>*</method-name>
            </method>
        </method-permission>
...


Thanks in advance







Darius Davidavicius
www.jbees.com
J2EE consultations, development