Weblogic6.1 SP5 on W2K. Our applications uses a custom ServiceLocator singleton to find EJB homes. In the past, we did not use any type of J2EE security, so we cached a single instance of the InitialContext in the SL to perform lookups. Now, we are still using a single instance of the InitialContext but with additional security parameters (prinicipal and credentials). Anyway, the first user into the application and runs without any problems. User logs off and logs back on and I consistently get this error for all subsequent access to the application...

        java.lang.SecurityException: Security violation: insufficient permission to access method
java.rmi.AccessException: Security violation: insufficient permission to access method; nested exception is:
        java.lang.SecurityException: Security violation: insufficient permission to access method
java.lang.SecurityException: Security violation: insufficient permission to access method
        at weblogic.ejb20.internal.StatelessEJBHome.create(StatelessEJBHome.java:125)
        at com.frx.emp.go.ejb.session.search.GoalSearchManagerBean_e4tboy_HomeImpl.create(GoalSearchManagerBean_e4tboy_HomeImpl.java:89)
        at com.frx.emp.go.web.handler.GoalSearchHandler.searchForImpendingData(GoalSearchHandler.java:104)
        at com.frx.emp.go.web.handler.GoalSearchHandler.handleRequest(GoalSearchHandler.java:68)
        at com.frx.emp.web.mvc.HandlerMappedController.service(HandlerMappedController.java:107)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
        at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:265)
        at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:200)
        at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2495)
        at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2204)
        at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
        at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)



I just don't get it. The InitialContext object was verified to be the only one in existence in the SL. It is never modified after it is created in the SL static initializer. We even verified the context environment parameters and everything checks out.

Why does it break on all attempts to access the app after the first user runs without any problems?

thanks,

Raffi

Try to print out credentials right before calling the bean at

com.frx.emp.go.web.handler.GoalSearchHandler.searchForImpendingData(GoalSearchHandler.java:104)

Slava