users@glassfish.java.net

[GF 3.1] Failed permission: please help explaining this error message

From: <forums_at_java.net>
Date: Wed, 1 Jun 2011 09:56:06 -0500 (CDT)

Hi,

 

I am trying to figure out why my webservice keeps denying my client an access
to a method. I AM SURE the role is declared, mapped correctly. I
AM ALSO SURE my certificate realm grants the correct groups mapped to the
role. But i cannot understand why the server keeps saying 'failed permission
check'. Here is my server.log:

 

[#|2011-06-01T16:45:59.610+0200|FINE|glassfish3.1|javax.enterprise.system.core.security|_ThreadID=36;_ThreadName=Thread-1;ClassName=com.sun.enterprise.security.provider.BasePolicyWrapper;MethodName=doImplies;|JACC
Policy Provider, failed Permission Check at :
java.lang.Exception
    at
com.sun.enterprise.security.provider.BasePolicyWrapper.doImplies(BasePolicyWrapper.java:408)
    at
com.sun.enterprise.security.provider.BasePolicyWrapper.implies(BasePolicyWrapper.java:250)
    at
org.glassfish.ejb.security.application.EJBSecurityManager.authorize(EJBSecurityManager.java:716)
    at
com.sun.ejb.containers.BaseContainer.authorize(BaseContainer.java:2350)
    at
com.sun.ejb.EjbInvocation.authorizeWebService(EjbInvocation.java:643)
    at
com.sun.enterprise.security.authorize.EJBPolicyContextDelegate.authorize(EJBPolicyContextDelegate.java:97)
    at
com.sun.enterprise.security.jmac.provider.config.PipeHelper.authorize(PipeHelper.java:268)
    at
com.sun.enterprise.security.webservices.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:198)
    at
com.sun.enterprise.security.webservices.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:144)
    at
com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:119)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:641)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:600)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:585)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:482)
    at
com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:314)
    at
com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:608)
    at
com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:259)
    at
com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:162)
    at
org.glassfish.webservices.Ejb3MessageDispatcher.handlePost(Ejb3MessageDispatcher.java:120)
    at
org.glassfish.webservices.Ejb3MessageDispatcher.invoke(Ejb3MessageDispatcher.java:91)
    at
org.glassfish.webservices.EjbWebServiceServlet.dispatchToEjbEndpoint(EjbWebServiceServlet.java:200)
    at
org.glassfish.webservices.EjbWebServiceServlet.service(EjbWebServiceServlet.java:131)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
    at
com.sun.grizzly.http.servlet.ServletAdapter$FilterChainImpl.doFilter(ServletAdapter.java:1002)
    at
com.sun.grizzly.http.servlet.ServletAdapter$FilterChainImpl.invokeFilterChain(ServletAdapter.java:942)
    at
com.sun.grizzly.http.servlet.ServletAdapter.doService(ServletAdapter.java:404)
    at
com.sun.grizzly.http.servlet.ServletAdapter.service(ServletAdapter.java:354)
    at
com.sun.grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:168)
    at
com.sun.enterprise.v3.server.HK2Dispatcher.dispath(HK2Dispatcher.java:117)
    at
com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:234)
    at
com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:822)
    at
com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:719)
    at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1013)
    at
com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
    at
com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
    at
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
    at
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
    at
com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
    at
com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
    at
com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
    at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
    at
com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
    at
com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
    at java.lang.Thread.run(Thread.java:679)
|#]
[#|2011-06-01T16:45:59.611+0200|INFO|glassfish3.1|javax.enterprise.system.core.security|_ThreadID=36;_ThreadName=Thread-1;|JACC
Policy Provider: Failed Permission Check, context(Auth/Auth)-
permission((javax.security.jacc.EJBMethodPermission CustomerAuthentication
hello,ServiceEndpoint,java.lang.String))|#]
[#|2011-06-01T16:45:59.612+0200|FINEST|glassfish3.1|javax.enterprise.system.core.security|_ThreadID=36;_ThreadName=Thread-1;ClassName=com.sun.enterprise.security.provider.BasePolicyWrapper;MethodName=getPermissions;|JACC
Policy Provider: PolicyWrapper.getPermissions(d), context (Auth/Auth)
permissions: java.security.Permissions_at_75327a83 (
 (unresolved com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission
access null)
 (unresolved com.sun.enterprise.security.CORBAObjectPermission * *)
 (javax.security.auth.PrivateCredentialPermission
javax.resource.spi.security.PasswordCredential * "*" read)
 (java.io.FilePermission <<ALL FILES>> read,write)
 (java.io.FilePermission /var/glassfish/domains/hypsoma/lib/databases/-
delete)
 (java.io.FilePermission /tmp/- delete)
 (javax.management.MBeanPermission [com.sun.messaging.jms.*:*] *)
 (javax.management.MBeanTrustPermission register)
 (java.lang.RuntimePermission getClassLoader)
 (java.lang.RuntimePermission loadLibrary.*)
 (java.lang.RuntimePermission accessDeclaredMembers)
 (java.lang.RuntimePermission getProtectionDomain)
 (java.lang.RuntimePermission modifyThreadGroup)
 (java.lang.RuntimePermission stopThread)
 (java.lang.RuntimePermission setContextClassLoader)
 (java.lang.RuntimePermission queuePrintJob)
 (java.util.PropertyPermission line.separator read)
 (java.util.PropertyPermission java.vm.version read)
 (java.util.PropertyPermission java.vm.specification.version read)
 (java.util.PropertyPermission java.vm.specification.vendor read)
 (java.util.PropertyPermission java.vendor.url read)
 (java.util.PropertyPermission java.vm.name read)
 (java.util.PropertyPermission * read,write)
 (java.util.PropertyPermission os.name read)
 (java.util.PropertyPermission java.vm.vendor read)
 (java.util.PropertyPermission path.separator read)
 (java.util.PropertyPermission java.specification.name read)
 (java.util.PropertyPermission os.version read)
 (java.util.PropertyPermission os.arch read)
 (java.util.PropertyPermission java.class.version read)
 (java.util.PropertyPermission java.version read)
 (java.util.PropertyPermission file.separator read)
 (java.util.PropertyPermission java.vendor read)
 (java.util.PropertyPermission java.vm.specification.name read)
 (java.util.PropertyPermission java.specification.version read)
 (java.util.PropertyPermission java.specification.vendor read)
 (java.net.SocketPermission localhost:1024- listen,resolve)
 (java.net.SocketPermission * connect,resolve)
)
|#]
[#|2011-06-01T16:45:59.612+0200|FINE|glassfish3.1|javax.enterprise.system.core.security|_ThreadID=36;_ThreadName=Thread-1;ClassName=com.sun.enterprise.security.provider.BasePolicyWrapper$2;MethodName=run;|Domain
that failed(ProtectionDomain  (file:/Auth/Auth <no signer certificates>)
 null
 (principals org.glassfish.security.common.PrincipalImpl "CN=gauss,
OU=GlassFish, O=Oracle Corporation, L=Santa Clara, ST=California, C=US",
javax.security.auth.x500.X500Principal "CN=gauss,OU=GlassFish,O=Oracle
Corporation,L=Santa Clara,ST=California,C=US")
 java.security.Permissions_at_45096a91 (
 (unresolved com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission
access null)
 (unresolved com.sun.enterprise.security.CORBAObjectPermission * *)
 (javax.security.auth.PrivateCredentialPermission
javax.resource.spi.security.PasswordCredential * "*" read)
 (java.io.FilePermission /tmp/- delete)
 (java.io.FilePermission /var/glassfish/domains/hypsoma/lib/databases/-
delete)
 (java.io.FilePermission <<ALL FILES>> read,write)
 (javax.management.MBeanPermission [com.sun.messaging.jms.*:*] *)
 (javax.management.MBeanTrustPermission register)
 (java.lang.RuntimePermission getClassLoader)
 (java.lang.RuntimePermission loadLibrary.*)
 (java.lang.RuntimePermission accessDeclaredMembers)
 (java.lang.RuntimePermission getProtectionDomain)
 (java.lang.RuntimePermission modifyThreadGroup)
 (java.lang.RuntimePermission stopThread)
 (java.lang.RuntimePermission setContextClassLoader)
 (java.lang.RuntimePermission queuePrintJob)
 (java.util.PropertyPermission line.separator read)
 (java.util.PropertyPermission java.vm.version read)
 (java.util.PropertyPermission java.vm.specification.version read)
 (java.util.PropertyPermission java.vm.specification.vendor read)
 (java.util.PropertyPermission java.vendor.url read)
 (java.util.PropertyPermission java.vm.name read)
 (java.util.PropertyPermission * read,write)
 (java.util.PropertyPermission os.name read)
 (java.util.PropertyPermission java.vm.vendor read)
 (java.util.PropertyPermission path.separator read)
 (java.util.PropertyPermission java.specification.name read)
 (java.util.PropertyPermission os.version read)
 (java.util.PropertyPermission os.arch read)
 (java.util.PropertyPermission java.class.version read)
 (java.util.PropertyPermission java.version read)
 (java.util.PropertyPermission file.separator read)
 (java.util.PropertyPermission java.vendor read)
 (java.util.PropertyPermission java.vm.specification.name read)
 (java.util.PropertyPermission java.specification.version read)
 (java.util.PropertyPermission java.specification.vendor read)
 (java.net.SocketPermission localhost:1024- listen,resolve)
 (java.net.SocketPermission * connect,resolve)
)
)|#]
[#|2011-06-01T16:45:59.612+0200|FINEST|glassfish3.1|javax.enterprise.system.core.security|_ThreadID=36;_ThreadName=Thread-1;ClassName=com.sun.enterprise.security.provider.BasePolicyWrapper;MethodName=doImplies;|JACC
Policy Provider: PolicyWrapper.implies, context (Auth/Auth)- result
was(false) permission ((javax.security.jacc.EJBMethodPermission
CustomerAuthentication hello,ServiceEndpoint,java.lang.String))|#]
[#|2011-06-01T16:45:59.612+0200|FINE|glassfish3.1|javax.enterprise.system.core.security|_ThreadID=36;_ThreadName=Thread-1;ClassName=com.sun.enterprise.security.provider.BasePolicyWrapper$2;MethodName=run;|Domain
that failed(ProtectionDomain  (file:/Auth/Auth <no signer certificates>)
 null
 (principals org.glassfish.security.common.PrincipalImpl "CN=gauss,
OU=GlassFish, O=Oracle Corporation, L=Santa Clara, ST=California, C=US",
javax.security.auth.x500.X500Principal "CN=gauss,OU=GlassFish,O=Oracle
Corporation,L=Santa Clara,ST=California,C=US")
 java.security.Permissions_at_45096a91 (
 (unresolved com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission
access null)
 (unresolved com.sun.enterprise.security.CORBAObjectPermission * *)
 (javax.security.auth.PrivateCredentialPermission
javax.resource.spi.security.PasswordCredential * "*" read)
 (java.io.FilePermission /tmp/- delete)
 (java.io.FilePermission /var/glassfish/domains/hypsoma/lib/databases/-
delete)
 (java.io.FilePermission <<ALL FILES>> read,write)
 (javax.management.MBeanPermission [com.sun.messaging.jms.*:*] *)
 (javax.management.MBeanTrustPermission register)
 (java.lang.RuntimePermission getClassLoader)
 (java.lang.RuntimePermission loadLibrary.*)
 (java.lang.RuntimePermission accessDeclaredMembers)
 (java.lang.RuntimePermission getProtectionDomain)
 (java.lang.RuntimePermission modifyThreadGroup)
 (java.lang.RuntimePermission stopThread)
 (java.lang.RuntimePermission setContextClassLoader)
 (java.lang.RuntimePermission queuePrintJob)
 (java.util.PropertyPermission line.separator read)
 (java.util.PropertyPermission java.vm.version read)
 (java.util.PropertyPermission java.vm.specification.version read)
 (java.util.PropertyPermission java.vm.specification.vendor read)
 (java.util.PropertyPermission java.vendor.url read)
 (java.util.PropertyPermission java.vm.name read)
 (java.util.PropertyPermission * read,write)
 (java.util.PropertyPermission os.name read)
 (java.util.PropertyPermission java.vm.vendor read)
 (java.util.PropertyPermission path.separator read)
 (java.util.PropertyPermission java.specification.name read)
 (java.util.PropertyPermission os.version read)
 (java.util.PropertyPermission os.arch read)
 (java.util.PropertyPermission java.class.version read)
 (java.util.PropertyPermission java.version read)
 (java.util.PropertyPermission file.separator read)
 (java.util.PropertyPermission java.vendor read)
 (java.util.PropertyPermission java.vm.specification.name read)
 (java.util.PropertyPermission java.specification.version read)
 (java.util.PropertyPermission java.specification.vendor read)
 (java.net.SocketPermission localhost:1024- listen,resolve)
 (java.net.SocketPermission * connect,resolve)
)
)|#]
[#|2011-06-01T16:45:59.612+0200|FINEST|glassfish3.1|javax.enterprise.system.core.security|_ThreadID=36;_ThreadName=Thread-1;ClassName=com.sun.enterprise.security.provider.BasePolicyWrapper;MethodName=doImplies;|JACC
Policy Provider: PolicyWrapper.implies, context (Auth/Auth)- result
was(false) permission ((javax.security.jacc.EJBMethodPermission
CustomerAuthentication hello,ServiceEndpoint,java.lang.String))|#]
[#|2011-06-01T16:45:59.620+0200|FINE|glassfish3.1|javax.enterprise.system.core.security.com.sun.enterprise.security.webservices|_ThreadID=252;_ThreadName=Thread-1;ClassName=com.sun.enterprise.security.webservices.CommonServerSecurityPipe;MethodName=processResponse;|ws.status_secure_response|#]
 

 

What am i missing here?


--
[Message sent by forum member 'brzhk']
View Post: http://forums.java.net/node/808056