[Security & JAAS/JBoss] - cannot access a session bean with unchecked permissions set
DragosPD 14 June 2005 11:33:32
I have a stateless session bean that run under a security domain but all methods are set to be unchecked for permissions. I cannot access this bean from a client program without providing the correct credentials.
| <method-permission > | <description>[CDATA[description not supported yet by ejbdoclet]]</description> | <unchecked/> | <method > | <description>[CDATA[description not supported yet by ejbdoclet]]</description> | <ejb-name>SecurityService2Session</ejb-name> | <method-name>*</method-name> | </method> | </method-permission> | | this is the relevant portion of the stacktrace:
| Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required | at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:160) | at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:124) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) | at java.lang.reflect.Method.invoke(Method.java:585) | at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) | at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) | at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) | at java.security.AccessController.doPrivileged(Native Method) | at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) | at javax.security.auth.login.LoginContext.login(LoginContext.java:579) | at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:480) | at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:420) | at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:237) | at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:210) | at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:151) | at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:74) | at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:121) | ... 25 more |
Why Jboss try to make a login on accessing an unchecked bean? Did I miss something?
------------------------------------------------------- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
![[Security & JAAS/JBoss] - cannot access a session bean with unchecked permissions set](http://qaix.com/i/logo_new.gif){kind=logo}
