Hi All,
I am running a WebLogic 10 server and have deployed an EJB 3 bean. Authentication works fine for the URLs mentioned in web.xml, but I get the following error when I try to access the EJB. It doesn't matter which user I log in as; I get the same error for all the methods. Am I missing something here?
javax.ejb.EJBAccessException: [EJB:010160]Security Violation: User: 'johnson' has insufficient permission to access EJB: type=<ejb>, application=_appsdir_HelloWorldejb_jar, module=HelloWorldejb, ejb=HelloWorldBean, method=sayHelloToAdmin, methodInterface=Remote, signature={}.
at weblogic.ejb.container.internal.MethodDescriptor.checkMethodPermissionsBusiness(MethodDescriptor.java:587)
at weblogic.ejb.container.internal.BaseRemoteObject.checkMethodPermissions(BaseRemoteObject.java:115)
at weblogic.ejb.container.internal.BaseRemoteObject.preInvoke(BaseRemoteObject.java:272)
at weblogic.ejb.container.internal.StatelessRemoteObject.preInvoke(StatelessRemoteObject.java:49)
at helloworld.HelloWorldBean_kap09s_HelloWorldImpl.sayHelloToAdmin(HelloWorldBean_kap09s_HelloWorldImpl.java:266)
at helloworld.HelloWorldBean_kap09s_HelloWorldImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:223)
at helloworld.HelloWorldBean_kap09s_HelloWorldImpl_1001_WLStub.sayHelloToAdmin(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:63)
at $Proxy64.sayHelloToAdmin(Unknown Source)
at jsp_servlet.__sampleperimeteratn._jspService(__sampleperimeteratn.java:111)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:226)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:124)
web.xml
------------------
<?xml version="1.0" encoding="UTF-8"?>
<!-- Web module deployment descriptor (Servlet 2.4 schema). It puts every URL of this
     web application behind FORM login and restricts access to callers in SampleRole.
     These constraints protect web resources (URLs); they do not by themselves grant
     permission on EJB methods, which carry their own role checks. -->
<web-app version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> <security-constraint>
<!-- The /* pattern places all URLs of the application under this constraint. -->
<web-resource-collection>
<web-resource-name>PagesUnderSecurity</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- Only authenticated callers that hold SampleRole may reach the protected URLs. -->
<auth-constraint>
<role-name>
SampleRole
</role-name>
</auth-constraint>
<!-- NONE: the container does not require an encrypted transport for these URLs.
     Combined with the FORM login configured below, the submitted password and any
     session identifier travel in clear text whenever the application is reached
     over plain HTTP. CONFIDENTIAL makes the container require HTTPS instead. -->
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!-- Declares the role name referenced by the auth-constraint above. The mapping of
     this role to actual users or groups is done in the vendor descriptor. -->
<security-role>
<role-name>
SampleRole
</role-name>
</security-role>
<!-- Form-based login: unauthenticated requests are sent to the login page, failed
     logins to the error page. -->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login/Login.jsp</form-login-page>
<form-error-page>/login/error.jsp</form-error-page>
</form-login-config>
</login-config>
</web-app>
weblogic.xml
-----------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<!-- WebLogic-specific descriptor for the web module. It binds the SampleRole role
     declared in web.xml to the principal SampleUsers. -->
<weblogic-web-app
xmlns="http://www.bea.com/ns/weblogic/90"
xmlns:j2ee="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.bea.com/ns/weblogic/90
http://www.bea.com/ns/weblogic/90/weblogic-web-app.xsd"> <security-role-assignment>
<!-- role-name is the role used in web.xml; principal-name is a user or group name
     in the security realm.
     NOTE(review): this assignment is declared for the web application. No matching
     role assignment for the EJB module (for example in weblogic-ejb-jar.xml) appears
     on this page; confirm how the roles named in HelloWorldBean's @RolesAllowed
     annotations are mapped to principals. -->
<role-name>SampleRole</role-name>
<principal-name>SampleUsers</principal-name>
</security-role-assignment>
</weblogic-web-app>
HelloWorldBean.java
-----------
package helloworld;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Remote;
import javax.ejb.Stateless;
/**
 * Stateless session bean published under the mapped name {@code ejb/HelloWorld} and
 * exposed to remote clients through the {@code HelloWorld} business interface.
 *
 * <p>Each business method declares its own access rule with a security annotation.
 * The container evaluates that rule before the method body runs; the stack trace on
 * this page shows the {@code EJBAccessException} being raised from the container's
 * pre-invoke permission check, not from this class.
 *
 * <p>NOTE(review): the strings passed to {@code @RolesAllowed} are role names. In the
 * weblogic.xml shown on this page, {@code SampleRole} is the role and
 * {@code SampleUsers} is the principal it is assigned to, and that assignment belongs
 * to the web module. Confirm that the EJB module has its own role-to-principal
 * mapping for every role named below.
 */
@Stateless(mappedName = "ejb/HelloWorld")
@Remote(HelloWorld.class)
public class HelloWorldBean {

    /**
     * Prints the administrator greeting.
     * Callable by any of the roles Administrator, SampleUsers or SampleRole.
     */
    @RolesAllowed({"Administrator", "SampleUsers", "SampleRole"})
    public void sayHelloToAdmin() {
        greet("Hello Administrator");
    }

    /**
     * Prints the user greeting.
     * Callable only by the role SampleUsers.
     */
    @RolesAllowed("SampleUsers")
    public void sayHelloToUser() {
        greet("Hello User");
    }

    /**
     * Prints the role greeting.
     * Callable only by the role SampleRole.
     */
    @RolesAllowed("SampleRole")
    public void sayHelloToRole() {
        greet("Hello Role");
    }

    /**
     * Prints the general greeting.
     * {@code @PermitAll} opens this method to every role.
     */
    @PermitAll
    public void sayHelloToEveryOne() {
        greet("Hello EveryOne");
    }

    /** Writes one greeting line to standard output; not part of the business interface. */
    private static void greet(String message) {
        System.out.println(message);
    }
}