Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Security doesn't work

0 views
Skip to first unread message

Jens Rossbach

unread,
Sep 20, 2001, 6:47:25 AM9/20/01
to
I need some help concerning security system of Borland AppServer.

I have an entity bean 'User' with a method 'setActive()' that has restricted
access to the role 'Internal' (-> this method shouldn't be called by a
client). I also have a session bean 'Anouncement' that calls the above
method. Now I want to assign the role 'Internal' to the bean 'Anouncement'.


I set up the following parameters in the container:

vbroker.security.enableAuthentication=true
vbroker.security.passwordBackEnd=FileDB
vbroker.security.FileDB.file=adm/security/pdbfile
vbroker.security.rolemap_path=adm/security.ejb.rolemap
ejb.jsec=true


Then I added an user 'internal' with password 'pass' to the FileDB 'pdbfile'
and I added the following lines to the 'ejb.rolemap':

Internal {
CN=internal
}


After that I tried three ways to assign the role 'Internal' to the bean
'Anouncement':

1. with vbroker.security.* parameters
Properties ctxProps = new Properties();
ctxProps.setProperty("ejb.jsec", "true");
ctxProps.setProperty("vbroker.security.wallet.type", "NONE");
ctxProps.setProperty("vbroker.security.wallet.identity", "internal");
ctxProps.setProperty("vbroker.security.wallet.password", "pass");
initCtx = new InitialContext(ctxProps);
// now follows the lookup of the User bean's home object

2. with ejb.jsec.* parameters
Properties ctxProps = new Properties();
ctxProps.setProperty("ejb.jsec", "true");
ctxProps.setProperty("ejb.jsec.wallet.type", "NONE");
ctxProps.setProperty("ejb.jsec.wallet.identity", "internal");
ctxProps.setProperty("ejb.jsec.wallet.password", "pass");
initCtx = new InitialContext(ctxProps);
// now follows the lookup of the User bean's home object

3. with setUPprincipal()
Properties ctxProps = new Properties();
ctxProps.setProperty("ejb.jsec", "true");
initCtx = new InitialContext(ctxProps);
Properties orbProps = new Properties();
orbProps.setProperty("vbroker.orb.dynamicLibs",
"com.inprise.security.Init");
org.omg.CORBA.ORB orb = org.omg.CORBA.ORB.init(new String[]{}, orbProps);
com.inprise.security.CORBAsec.Current secCurrent =
com.inprise.security.CORBAsec.CurrentHelper.narrow(
orb.resolve_initial_references("SecurityCurrent"));
secCurrent.setUPprincipal(uppIdentity, uppPassword);
// now follows the lookup of the User bean's home object


In all three cases I got an exception when the bean invokes the
'setActive()' mothod:

java.rmi.AccessException: CORBA NO_PERMISSION 0[Access by CN=Guest denied to
jensro.diplomarbeit.usermanagement.UserBean.setActive]


What am I doing wrong? It seems that the bean 'Anouncement' always runs in
the role 'Guest' but I want that it runs in the role 'Internal'. Is there an
error in the configuration or did I forget something?


0 new messages