struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Obster <>
Subject [Struts2] Problem using Struts2 with EJB3 over ServiceLocator (Jboss say Caller unauthorized)
Date Fri, 02 Oct 2009 08:09:55 GMT
Hi everybody,

After I have written some mails to JBoss security forum, I found out 
that the Servlet has a problem. As I can see that has to do with the 
usage of Struts 2 because another application with Struts 1 works.

The problem I don't know where I can continue to resolve the problem an 
wanted to ask if someone can help?

Mail 1:

I have a big problem using JAAS in JBoss 5.1.0GA, which I try to solve 
about 2 days (my employer is not very amused of that...). I use a own 
JASSLoginModule to authenticate a user on a LDAP directory. The roleSet 
is fetched from a database. This part works as I can see and give me the 
result - "AdminUser".

But now when I call a EJB stateless session bean, I always get the 
Caller unauthorized error (Stacktrace is at bottom of the message).

Can anybody give me a hint whats wrong.

The Constants in the @RolesAllowed has "AdminUser" in the list. The 
class is also attached at the end of the message.



Reply 1: From Wolfgang Knauf

Hi Michael,

you probably checked the JBoss log of the security layer (see question 4 
in FAQ)? Do you see output that JBoss could map a user to the required 

Please post the relevant snippets of your login module.

Best regards


Mail 2:

Some new output was generated after enabling debugging. But the only 
thing I can see, that the error is not in the login module but somewhere 
in the servlet container.

Is there something special that I have to pay attention when I'm using 
Struts2 as framework?


Mail 3:

My web.xml:

And the struts2 interceptor I use on sites you have to be logged in:


Hope anyone has a hint what I'm doing wrong.

Kind regards,
Michael Obster

View raw message