Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

Not able to access a secured method of a session bean from a servlet's init() method..

1 view

Skip to first unread message

Suni

unread,

May 19, 2005, 1:20:23 AM5/19/05

Hi!
The error trace is as follows... Please look on for my scenario..I
would be glad to provide further details..

java.rmi.AccessException: [EJB:010160]Security Violation: User:
'<anonymous>' has insufficient permission to access EJB: type=<ejb>,
application=metro, module=metro.jar, ejb=MySessionBean,
method=create, methodInterface=Home, signature={}.
at
weblogic.ejb20.internal.MethodDescriptor.checkMethodPermissionsRemote(MethodDescriptor.java:550)

at
weblogic.ejb20.internal.StatelessEJBHome.create(StatelessEJBHome.java:157)

at
com.sunny.metro.server.ejb.MySessionBean_tc67pu_HomeImpl.create(MySessionBean_tc67pu_HomeImpl.java:66)

at
com.sunny.metro.timer.StartTimerServlet.init(StartTimerServlet.java:35)

The scenario is as follows..

I have a servlet. In its init() method, I am accessing a session
bean(MySessionBean) to perform some functionaity..
public void init(ServletConfig config) throws ServletException {
super.init(config);
System.out.println("%%%%%% This is invoking the servlet %%%%%%");
mySessionHome = Session.getMySessionHome();
try {
mySession = mySessionHome.create();
mySession.createTimer();
} catch (RemoteException e) {
e.printStackTrace();
} catch (CreateException e) {
e.printStackTrace();
}
}

I put some method permissions for this session bean for the method
create in ejb-jar.xml.

The ejb-jar.xml excerpt for the MySessionBean..
<session id="MySessionBean">
<display-name>MySessionBean</display-name>
<ejb-name>MySessionBean</ejb-name>
<home>com.sunny.metro.server.ejb.MySessionHome</home>
<remote>com.sunny.metro.server.ejb.MySession</remote>

<ejb-class>com.sunny.metro.server.ejb.MySessionBean</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
<security-role-ref>
<role-name>MetroAdmin</role-name>
<role-link>AWSAdmin</role-link>

</security-role-ref>
<security-role-ref>
<role-name>MetroDesigner</role-name>
<role-link>AWSDesigner</role-link>
</security-role-ref>
</session>

...
<method-permission>
<role-name>AWSAdmin</role-name>
<role-name>AWSDesigner</role-name>

<method>
<ejb-name>MySessionBean</ejb-name>
<method-name>create</method-name>
</method>
</method-permission>
The servlet's web.xml...
<web-app>
<servlet>
<servlet-name>StartTimerServlet</servlet-name>
<display-name>Timer</display-name>
<description>This is to Start the Timer</description>

<servlet-class>com.sunny.metro.timer.StartTimerServlet</servlet-class>

<load-on-startup>1</load-on-startup>
<run-as>
<role-name>AWSAdmin</role-name>
</run-as>
</servlet>
<servlet-mapping>
<servlet-name>StartTimerServlet</servlet-name>
<url-pattern>/servlets/JMetroTimer</url-pattern>
</servlet-mapping>
<security-role>
<description>Administrator</description>
<role-name>AWSAdmin</role-name>
</security-role>
</web-app>

And weblogic.xml is ...

<weblogic-web-app>

<security-role-assignment>
<role-name>AWSAdmin</role-name>
<principal-name>system</principal-name>
</security-role-assignment>

<run-as-role-assignment>
<role-name>AWSAdmin</role-name>
<run-as-principal-name>system</run-as-principal-name>
</run-as-role-assignment>

</weblogic-web-app>

Please let me know if this is a known issue in weblogic or I am missing

something. BTW I am using weblogic90b.

Thanks,
Suni.

0 new messages