The trace:
THREAD 'AWT-EventQueue-1': WARN: Error calling
InstrumentWriterService: java.security.AccessControlException: access
denied (java.lang.RuntimePermission
org.jboss.security.SecurityAssociation.getPrincipalInfo)
java.security.AccessControlException: access denied
(java.lang.RuntimePermission
org.jboss.security.SecurityAssociation.getPrincipalInfo) at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at org.jboss.security.SecurityAssociation.getPrincipal(SecurityAssociation.java:109)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:72)
at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:198)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:76) at
$Proxy0.create(Unknown Source)
at com.starkinvestments.rigor.client.model.InstrumentWriterProxy.write(InstrumentWriterProxy.java:43)
From the .JNLP file:
<security>
<all-permissions/>
</security>
From the bean's dd:
<method-permission>
<unchecked/>
<method>
<ejb-name>com.starkinvestments.service.instrument.writer.InstrumentWriterServiceHome</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
Now, obviously JWS always installs a SecurityManager even when a given
app has all-permissions set; however, you'd think any
SecurityManager.checkXXX() method would pass in that case. It
doesn't, which seems totally screwy to me.
I think what I might need to do to fix this would be to add another
<security> tag in the JNLP to grant a RuntimePermission of
"org.jboss.security.SecurityAssociation.getPrincipalInfo". I guess
the problem would be that this JBoss-specific Permission simply never
gets added. When org.jboss.proxy.SecurityInterceptor.invoke() is
called, it finds the installed SecurityManager, calls
checkPermission() looking for this specific Permission, and this call
throws the AccessControlException as it always does when the specified
Permission doesn't exist.
So, though only thing I need to know is the JNLP syntax for adding a
RuntimePermission, which I haven't been able to find.