users@glassfish.java.net

RE: JACC Intermittent problem

From: Vincent Deschênes <vdeschenes_at_stelvio.com>
Date: Mon, 1 Feb 2010 22:53:38 -0500

Here is another, simpler example.

 

[#|2010-02-01T09:03:49.349-0500|FINE|glassfishv3.0|javax.enterprise.system.core.security.com.sun.enterprise.security.auth.login|_ThreadID=33;_ThreadName=Thread-1;ClassName=com.sun.enterprise.security.auth.login.LoginContextDriver;MethodName=jmacLogin;|jmac Password login succeeded for : aalp2wstest|#]

[#|2010-02-01T09:03:49.349-0500|FINE|glassfishv3.0|javax.enterprise.system.core.security.com.sun.enterprise.security.jmac.callback|_ThreadID=33;_ThreadName=Thread-1;ClassName=com.sun.enterprise.security.jmac.callback.BaseContainerCallbackHandler;MethodName=processPasswordValidation;|JMAC: authentication succeeded for user = |#]



[#|2010-02-01T09:03:49.353-0500|INFO|glassfishv3.0|javax.enterprise.system.core.security|_ThreadID=33;_ThreadName=Thread-1;|JACC Policy Provider: Failed Permission Check, context(AllianzAssessment/EJB_jar)- permission((javax.security.jacc.EJBMethodPermission AALEstImageRefDataService getRepairerUpdates,ServiceEndpoint,….GetRepairerUpdatesRequestType))|#]

 

 

[#|2010-02-01T09:03:49.355-0500|FINE|glassfishv3.0|javax.enterprise.system.core.security|_ThreadID=33;_ThreadName=Thread-1;ClassName=com.sun.enterprise.security.provider.BasePolicyWrapper$2;MethodName=run;|Domain that failed(ProtectionDomain (file:/AllianzAssessment/EJB_jar <no signer certificates>)
 null
 (principals org.glassfish.security.common.PrincipalImpl "aalmtlp2",
org.glassfish.security.common.Group "GCRassessorAllocation",
org.glassfish.security.common.Group "GCRcostcontrol",
org.glassfish.security.common.Group "GCRpublic",
org.glassfish.security.common.PrincipalImpl "aalmtlp2service",
org.glassfish.security.common.PrincipalImpl "aalp2wstest")






Here, the calls made by aalmtlp2, aalmtlp2service and aalp2wstest are totally unrelated. The web service call that failed was made by aalp2wstest.

Does the log mean the server tried to check permission against aalmtlp2 instead of aalp2wstest?

Does the log mean a session had all these 3 principals? Because that would not make any sense, since the client application for each is different.

Also, the listed groups belong to aalmtlp2, and I do not see the groups of aalp2wstest and aalmtlp2service.

Our web services are declared on stateless EJBs:

@WebService
@Stateless
@RolesAllowed(value={"WebServiceUsers"})

 

 

 

      <security-role-mapping>
            <role-name>WebServiceUsers</role-name>
            <group-name>EIwebservice</group-name>
      </security-role-mapping>

 

 

What could we have done wrong?

Help !

 

Thanks.

 

VD
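
An added example (not part of the original message, and not GlassFish code): a Python check that scans a server.log for the condition described above, where the "Domain that failed" principal set contains user principals other than the one that had just logged in on that thread. It assumes the login record and the failure record of one request share a _ThreadID; the function and pattern names are illustrative.

```python
import re

# Constructed sample: thread 33 is condensed from the excerpts in the message
# (closing |#] added); thread 34 / "userb" is invented as a clean control case.
SAMPLE_LOG = '''\
[#|2010-02-01T09:03:49.349-0500|FINE|glassfishv3.0|javax.enterprise.system.core.security.com.sun.enterprise.security.auth.login|_ThreadID=33;_ThreadName=Thread-1;ClassName=com.sun.enterprise.security.auth.login.LoginContextDriver;MethodName=jmacLogin;|jmac Password login succeeded for : aalp2wstest|#]
[#|2010-02-01T09:03:49.355-0500|FINE|glassfishv3.0|javax.enterprise.system.core.security|_ThreadID=33;_ThreadName=Thread-1;ClassName=com.sun.enterprise.security.provider.BasePolicyWrapper$2;MethodName=run;|Domain that failed(ProtectionDomain (file:/AllianzAssessment/EJB_jar <no signer certificates>)
 null
 (principals org.glassfish.security.common.PrincipalImpl "aalmtlp2",
org.glassfish.security.common.Group "GCRpublic",
org.glassfish.security.common.PrincipalImpl "aalmtlp2service",
org.glassfish.security.common.PrincipalImpl "aalp2wstest")|#]
[#|2010-02-01T09:04:10.000-0500|FINE|glassfishv3.0|javax.enterprise.system.core.security.com.sun.enterprise.security.auth.login|_ThreadID=34;_ThreadName=Thread-2;MethodName=jmacLogin;|jmac Password login succeeded for : userb|#]
[#|2010-02-01T09:04:10.010-0500|FINE|glassfishv3.0|javax.enterprise.system.core.security|_ThreadID=34;_ThreadName=Thread-2;MethodName=run;|Domain that failed(ProtectionDomain (file:/AllianzAssessment/EJB_jar <no signer certificates>)
 null
 (principals org.glassfish.security.common.PrincipalImpl "userb")|#]
'''

RECORD = re.compile(r"\[#\|(.*?)\|#\]", re.S)      # one [#|...|#] record, may span lines
THREAD = re.compile(r"_ThreadID=(\d+);")
LOGIN = re.compile(r"login succeeded for : (\S+)")
PRINCIPAL = re.compile(r'PrincipalImpl "([^"]+)"')  # user principals only, not Group


def find_principal_mismatches(log_text):
    """Return (timestamp, thread_id, logged_in_user, unexpected_principals) per finding."""
    last_login = {}  # thread id -> user of the most recent successful login
    findings = []
    for record in RECORD.finditer(log_text):
        fields = record.group(1).split("|", 5)
        if len(fields) < 6:
            continue  # not timestamp|level|product|logger|name-values|message
        timestamp, _level, _product, _logger, pairs, message = fields
        thread = THREAD.search(pairs)
        if not thread:
            continue
        tid = thread.group(1)
        login = LOGIN.search(message)
        if login:
            last_login[tid] = login.group(1)
        elif "Domain that failed" in message and tid in last_login:
            user = last_login[tid]
            extra = [p for p in PRINCIPAL.findall(message) if p != user]
            if extra:
                findings.append((timestamp, tid, user, extra))
    return findings


if __name__ == "__main__":
    for finding in find_principal_mismatches(SAMPLE_LOG):
        print(finding)
```

Each finding names the thread, the user that authenticated on it, and the other user principals present in the failed domain.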