Hi,
I would like to call a secure EJB-Method from a servlet.
So I need to authenticate before making the call. For that I use JAAS´LoginContext.login()
method.
the call of the EJB-Methods are dfined in a PrivilegedAction-Class.
The authentication works.
But when I call Subject.doAs() I get the following error:
java.rmi.AccessException: [EJB:010160]Security Violation: User: '<anonymous>'
has insufficient permission to access EJB: type=<ejb>, application=laifneu, module=laifneu.jar,
ejb=BatchjobFassadeService , method=create, methodInterface=Home, signature={}.
at weblogic.ejb20.internal.MethodDescriptor.checkMethodPermissionsRemote(MethodDescriptor.java:465)
at weblogic.ejb20.internal.StatelessEJBHome.create(StatelessEJBHome.java:151)
at de.dzbw.laif.sessionfassade.BatchjobFassadeService_suvsky_HomeImpl.create(BatchjobFassadeService_suvsky_HomeImpl.java:74)
at de.dzbw.laif.batchjobs.LaifEJBInvokerJob$MyAction.run(LaifEJBInvokerJob.java:342)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:319)
at de.dzbw.laif.batchjobs.LaifEJBInvokerJob.execute(LaifEJBInvokerJob.java:121)
at org.quartz.core.JobRunShell.run(JobRunShell.java:178)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:477)
If I however use Bea´s Security.runAs(), everything works fine.
I would like to use only standard classes. Is it possible to use Subject.doAs()
???
Best Regards
anis