• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

javax.ejb.EJBAccessException: [EJB:010160]Security Violation:

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,
I am running a weblogic 10 server and have deployed EJB 3. The Authentication works fine for URLs mentioned in the web.xml. But i get the following error when i try to access an EJB. Doesn't matter who i login as but still i get the same error for all the methods. Am i missing something here?

javax.ejb.EJBAccessException: [EJB:010160]Security Violation: User: 'johnson' has insufficient permission to access EJB: type=<ejb>, application=_appsdir_HelloWorldejb_jar, module=HelloWorldejb, ejb=HelloWorldBean, method=sayHelloToAdmin, methodInterface=Remote, signature={}.
at weblogic.ejb.container.internal.MethodDescriptor.checkMethodPermissionsBusiness(MethodDescriptor.java:587)
at weblogic.ejb.container.internal.BaseRemoteObject.checkMethodPermissions(BaseRemoteObject.java:115)
at weblogic.ejb.container.internal.BaseRemoteObject.preInvoke(BaseRemoteObject.java:272)
at weblogic.ejb.container.internal.StatelessRemoteObject.preInvoke(StatelessRemoteObject.java:49)
at helloworld.HelloWorldBean_kap09s_HelloWorldImpl.sayHelloToAdmin(HelloWorldBean_kap09s_HelloWorldImpl.java:266)
at helloworld.HelloWorldBean_kap09s_HelloWorldImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:223)
at helloworld.HelloWorldBean_kap09s_HelloWorldImpl_1001_WLStub.sayHelloToAdmin(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:63)
at $Proxy64.sayHelloToAdmin(Unknown Source)
at jsp_servlet.__sampleperimeteratn._jspService(__sampleperimeteratn.java:111)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:226)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:124)

web.xml
------------------
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">


<security-constraint>


<web-resource-collection>
<web-resource-name>PagesUnderSecurity</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>

<auth-constraint>
<role-name>
SampleRole
</role-name>
</auth-constraint>

<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>

</security-constraint>

<security-role>
<role-name>
SampleRole
</role-name>
</security-role>

<login-config>
<auth-method>FORM</auth-method>


<form-login-config>
<form-login-page>/login/Login.jsp</form-login-page>
<form-error-page>/login/error.jsp</form-error-page>
</form-login-config>
</login-config>


</web-app>


weblogic.xml
-----------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<weblogic-web-app
xmlns="http://www.bea.com/ns/weblogic/90"
xmlns:j2ee="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-web-app.xsd">

<security-role-assignment>
<role-name>SampleRole</role-name>
<principal-name>SampleUsers</principal-name>
</security-role-assignment>


</weblogic-web-app>

HelloWorldBean.java
-----------
package helloworld;


import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Remote;
import javax.ejb.Stateless;


@Stateless( mappedName = "ejb/HelloWorld")
@Remote(HelloWorld.class)
public class HelloWorldBean {

@RolesAllowed({"Administrator","SampleUsers","SampleRole"})
public void sayHelloToAdmin(){
System.out.println("Hello Administrator");
}

@RolesAllowed("SampleUsers")
public void sayHelloToUser(){
System.out.println("Hello User");
}

@RolesAllowed("SampleRole")
public void sayHelloToRole(){
System.out.println("Hello Role");
}
@PermitAll
public void sayHelloToEveryOne(){
System.out.println("Hello EveryOne");
}


}
 
I was her plaything! And so was this tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic