[jboss-user] [Security] - Re: Caller unauthorized on using a ejb3 statetlesssessionbea

praenti do-not-reply at jboss.com
Wed Oct 14 08:07:38 EDT 2009


OK. WebAuthentication is working. I had to create the jboss-web.xml and add the security-domain there. Now my login module is running.

But the original error is still present when using a servlet which does WebAuthentication.

The error:

  | 13:59:50,370 INFO  [SpiiderLoginModule] LdapLoginModule, dsJndiName=cancardviewerDS
  | 13:59:50,370 INFO  [SpiiderLoginModule] rolesQuery=SELECT u.userid, r."role" FROM "security".application_user u, "security".application_role r, "security".user_role ur WHERE u.userid = ? AND u.userid = ur.user_id AND ur.role_id = r."role"
  | 13:59:50,370 INFO  [SpiiderLoginModule] defaultRole=RegularUser
  | 13:59:50,370 INFO  [SpiiderLoginModule] trying dn: uid=extern.michael.obster, ou=xxx,ou=People,ou=Access
  | 13:59:50,370 INFO  [SpiiderLoginModule] Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, dsJndiName=cancardviewerDS, rolesQuery=SELECT u.userid, r."role" FROM "security".application_user u, "security".application_role r, "security".user_role ur WHERE u.userid = ? AND u.userid = ur.user_id AND ur.role_id = r."role", java.naming.security.principal=uid=extern.michael.obster, ou=xxx,ou=People,ou=Access, jboss.security.security_domain=cancardDomain, java.naming.provider.url=ldap://xxxxxxx, java.naming.security.authentication=simple, java.naming.security.credentials=***, principal.dn.groups=ou=xxxxxx,ou=People,ou=Access:ou=External,ou=People,ou=Access}
  | 13:59:50,401 INFO  [SpiiderLoginModule] Failed to log into LDAP server. [LDAP: error code 32 - No Such Object]
  | 13:59:50,401 INFO  [SpiiderLoginModule] trying dn: uid=extern.michael.obster, ou=External,ou=People,ou=Access
  | 13:59:50,401 INFO  [SpiiderLoginModule] Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, dsJndiName=cancardviewerDS, rolesQuery=SELECT u.userid, r."role" FROM "security".application_user u, "security".application_role r, "security".user_role ur WHERE u.userid = ? AND u.userid = ur.user_id AND ur.role_id = r."role", java.naming.security.principal=uid=extern.michael.obster, ou=External,ou=People,ou=Access, jboss.security.security_domain=cancardDomain, java.naming.provider.url=ldap://xxxxxxxx, java.naming.security.authentication=simple, java.naming.security.credentials=***, principal.dn.groups=ou=xxxxxx,ou=People,ou=Access:ou=External,ou=People,ou=Access}
  | 13:59:50,417 INFO  [SpiiderLoginModule] Logged into LDAP server, javax.naming.ldap.InitialLdapContext@1a21699
  | 13:59:50,480 INFO  [SpiiderLoginModule] getRoleSets using rolesQuery: SELECT u.userid, r."role" FROM "security".application_user u, "security".application_role r, "security".user_role ur WHERE u.userid = ? AND u.userid = ur.user_id AND ur.role_id = r."role", gid: 99A44E672EA8C49B
  | 13:59:50,511 DEBUG [SpiiderLoginModule] Principal: AdminUser
  | 13:59:50,542 INFO  [LoginServlet] Login sucessfull
  | 13:59:51,011 ERROR [[LoginServlet]] Servlet.service() for servlet LoginServlet threw exception
  | javax.ejb.EJBAccessException: Caller unauthorized
  |         at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:199)
  |         at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
  |         at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
  |         at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
  |         at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
  |         at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
  |         at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
  |         at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
  |         at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
  |         at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
  |         at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:421)
  |         at org.jboss.ejb3.remoting.IsLocalInterceptor.invokeLocal(IsLocalInterceptor.java:85)
  |         at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:72)
  |         at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
  |         at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
  |         at $Proxy344.invoke(Unknown Source)
  |         at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
  |         at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
  |         at $Proxy343.getAllRoles(Unknown Source)
  |         at vwg.audi.cancard.webservlet.LoginServlet.serveRequest(LoginServlet.java:61)
  |         at vwg.audi.cancard.webservlet.LoginServlet.doGet(LoginServlet.java:29)
  |         at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
  |         at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
  |         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
  |         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  |         at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
  |         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
  |         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  |         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
  |         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
  |         at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
  |         at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
  |         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
  |         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
  |         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
  |         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
  |         at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
  |         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
  |         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
  |         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
  |         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
  |         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
  |         at java.lang.Thread.run(Thread.java:619)
  | 

The servlet used, LoginServlet:

  | package vwg.audi.cancard.webservlet;
  | 
  | import java.io.IOException;
  | 
  | import javax.ejb.EJBAccessException;
  | import javax.servlet.ServletException;
  | import javax.servlet.http.HttpServlet;
  | import javax.servlet.http.HttpServletRequest;
  | import javax.servlet.http.HttpServletResponse;
  | 
  | import org.apache.log4j.Logger;
  | import org.jboss.web.tomcat.security.login.WebAuthentication;
  | 
  | public class LoginServlet extends HttpServlet
  | {
  | 	private Logger log = Logger.getLogger(LoginServlet.class); 
  | 
  | 	/**
  | 	 * 
  | 	 */
  | 	private static final long serialVersionUID = -5539909157863711284L;
  | 
  | 	/**
  | 	 * Process the HTTP Get request
  | 	 */
  | 	public void doGet(HttpServletRequest request, HttpServletResponse response)
  | 			throws ServletException, IOException
  | 	{
  | 		serveRequest(request, response);
  | 	}
  | 
  | 	/**
  | 	 * Process the HTTP Post request
  | 	 */
  | 	public void doPost(HttpServletRequest request, HttpServletResponse response)
  | 			throws ServletException, IOException
  | 	{
  | 		serveRequest(request, response);
  | 	} // doPost
  | 
  | 	/**
  | 	 * The actual processing of the HttpServletRequest takes place in this
  | 	 * method. It is called by the two public methods doPost and doGet.
  | 	 */
  | 	public void serveRequest(HttpServletRequest request,
  | 			HttpServletResponse response) throws ServletException, IOException
  | 	{
  | 		String username = "extern.michael.obster";
  | 		String pass = "myPassword";
  | 		WebAuthentication webAuthentication = new WebAuthentication();
  | 		
  | 		if (webAuthentication.login(username, pass)) {
  | 			log.info("Login sucessfull");
  | 		}
  | 		else {
  | 			log.info("Login failed");
  | 		}
  | 		
  | 		try {
  | 			ServiceLocator.getInstance().getUserService().getAllRoles();
  | 		} catch (ServiceLocatorException e) {
  | 			e.printStackTrace();
  | 		}
  | 		
  | 		webAuthentication.logout();
  | 		
  | 		
  | 	}
  | 
  | 	
  | 	
  | }
  | 

Any idea what the problem is?

Best regards,
Michael

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4260283#4260283
