<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
<table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td>
<table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
<h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
<!-- To have a header image/logo replace the name below with your img tag -->
<!-- Email clients will render the images when the message is read so any image -->
<!-- must be made available on a public server, so that all recipients can load the image. -->
<a href="http://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
Re: Can't get SessionContext.isCallerInRole(...) to work from remote call.
</h3>
<span style="margin-bottom: 10px;">
created by <a href="http://community.jboss.org/people/kriwic">Krister Wicksell</a> in <i>EJB3</i> - <a href="http://community.jboss.org/message/603396#603396">View the full discussion</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><p>Since I did not get any reply on this post I thought I explain a little better. I would like to get some feedback before I report this as a bug because I don't know if I have missed something.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>When I access a stateless bean from outside of JBoss via its remote interface from a Java client SessionContext.isCallerInRole(...) always return false. How ever when I access the same bean from a JSP running in the same JBoss SessionContext.isCallerInRole(...) works correctly. This behavior is in JBoss 5 & 6. In JBoss 4 it works OK for both cases.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>In my small test case I have a stateless bean interface named Test. It have only one method checkRole(). This method should return true if the caller have the role administrator.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><pre class="jive-pre"><code class="jive-code jive-java">@Remote
<font color="navy"><b>public</b></font> <font color="navy"><b>interface</b></font> Test <font color="navy">{</font>
  <font color="navy"><b>public</b></font> <font color="navy"><b>boolean</b></font> checkRole();
<font color="navy">}</font>
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>The implementation of the role is as follows below. It uses the security domain zert and the only method return the result of SessionContext.isCallerInRole("administrator").</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><pre class="jive-pre"><code class="jive-code jive-java">@Stateless
@Remote(<font color="navy">{</font>Test.class<font color="navy">}</font>)
@SecurityDomain(<font color="red">"zert"</font>)
@DeclareRoles(<font color="navy">{</font><font color="red">"administrator"</font>, <font color="red">"producer"</font>, <font color="red">"consumer"</font><font color="navy">}</font>)
<font color="navy"><b>public</b></font> <font color="navy"><b>class</b></font> TestBean <font color="navy"><b>implements</b></font> Test <font color="navy">{</font>
  @Resource
  <font color="navy"><b>private</b></font> SessionContext context;
 
  @Override
  <font color="navy"><b>public</b></font> <font color="navy"><b>boolean</b></font> checkRole() <font color="navy">{</font>
    <font color="navy"><b>return</b></font> context.isCallerInRole(<font color="red">"administrator"</font>);   
  <font color="navy">}</font>
<font color="navy">}</font>
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>The security domain zert has only one user called admin. The admin user is in the roles, administrator, producer and consumer. This can be seen in the listing below.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><pre class="jive-pre"><code class="jive-code jive-xml"><span class="jive-xml-tag"><?xml version="1.0" encoding="UTF-8"?></span>
<!DOCTYPE server PUBLIC <span class="jive-xml-quote">-//JBoss//DTD MBean Service 4.0//EN</span> <span class="jive-xml-quote"><a class="jive-link-external-small" href="http://www.jboss.org/j2ee/dtd/jboss-service_4_0.dtd" target="_blank">http://www.jboss.org/j2ee/dtd/jboss-service_4_0.dtd</a></span>>
<span class="jive-xml-tag"><server></span>
  <span class="jive-xml-tag"><mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="jboss:service=DynamicLoginConfig"></span>
    <span class="jive-xml-tag"><attribute name="PolicyConfig" serialDataType="jbxb"></span>
      <span class="jive-xml-tag"><span><jaas:policy
        xsi:schemaLocation="urn:jboss:security-config:4.1 resource:security-config_4_1.xsd"
        xmlns:jaas="urn:jboss:security-config:4.1"
        xmlns:xsi="</span><a class="jive-link-external-small" href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2001/XMLSchema-instance</a><span>"></span></span>
        <span class="jive-xml-tag"><jaas:application-policy name="zert"></span>
          <span class="jive-xml-tag"><jaas:authentication></span>
            <span class="jive-xml-tag"><jaas:login-module code="org.jboss.security.auth.spi.XMLLoginModule" flag="required"></span>
              <span class="jive-xml-tag"><jaas:module-option name="userInfo"></span>
                <span class="jive-xml-tag"><ur:users
                  xsi:schemaLocation="urn:jboss:user-roles:1.0 resource:user-roles_1_0.xsd"
                  xmlns:ur="urn:jboss:user-roles:1.0"></span>
                  <span class="jive-xml-tag"><ur:user name="admin" password="test"></span>
                    <span class="jive-xml-tag"><ur:role name="administrator"></span><span class="jive-xml-tag"></ur:role></span>
                    <span class="jive-xml-tag"><ur:role name="producer"></span><span class="jive-xml-tag"></ur:role></span>
                    <span class="jive-xml-tag"><ur:role name="consumer"></span><span class="jive-xml-tag"></ur:role></span>
                  <span class="jive-xml-tag"></ur:user></span>
                <span class="jive-xml-tag"></ur:users></span>
              <span class="jive-xml-tag"></jaas:module-option></span>
              <span class="jive-xml-tag"><jaas:module-option name="unauthenticatedIdentity"></span>guest<span class="jive-xml-tag"></jaas:module-option></span>
            <span class="jive-xml-tag"></jaas:login-module></span>
          <span class="jive-xml-tag"></jaas:authentication></span>
        <span class="jive-xml-tag"></jaas:application-policy></span>       
      <span class="jive-xml-tag"></jaas:policy></span>        
    <span class="jive-xml-tag"></attribute></span>
    <span class="jive-xml-tag"><depends optional-attribute-name="LoginConfigService"></span>jboss.security:service=XMLLoginConfig<span class="jive-xml-tag"></depends></span>
    <span class="jive-xml-tag"><depends optional-attribute-name="SecurityManagerService"></span>jboss.security:service=JaasSecurityManager<span class="jive-xml-tag"></depends></span>
  <span class="jive-xml-tag"></mbean></span>
<span class="jive-xml-tag"></server></span>
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>When the Test bean is accessed via the remote interface using the following test client, then SessionContext.isCallerInRole(...) always return false. For me this looks like a bug!</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><pre class="jive-pre"><code class="jive-code jive-java"><font color="navy"><b>public</b></font> <font color="navy"><b>class</b></font> TestClient <font color="navy">{</font>
  <font color="navy"><b>public</b></font> <font color="navy"><b>static</b></font> <font color="navy"><b>void</b></font> main(String[] argv) <font color="navy">{</font>
    <font color="navy"><b>try</b></font> <font color="navy">{</font>
      System.setProperty(<font color="red">"java.security.auth.login.config"</font>, <font color="red">"auth.conf"</font>);
 
      ConnectionHandler connectionHandler = <font color="navy"><b>new</b></font> ConnectionHandler(<font color="red">"admin"</font>, <font color="red">"test"</font>);
      LoginContext loginContext = <font color="navy"><b>new</b></font> LoginContext(<font color="red">"zert"</font>, connectionHandler);
      loginContext.login();
 
      System.out.println(runTest());
 
      loginContext.logout();
    <font color="navy">}</font> <font color="navy"><b>catch</b></font> (Exception e) <font color="navy">{</font>
      e.printStackTrace();
    <font color="navy">}</font>
  <font color="navy">}</font>
 
 
  <font color="navy"><b>public</b></font> <font color="navy"><b>static</b></font> String runTest() <font color="navy"><b>throws</b></font> Exception <font color="navy">{</font>
    Hashtable<String, String> env = <font color="navy"><b>new</b></font> Hashtable<String, String>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, <font color="red">"org.jboss.naming.NamingContextFactory"</font>);
    env.put(Context.PROVIDER_URL, <font color="red">"localhost"</font>);
 
 
    InitialContext context = <font color="navy"><b>new</b></font> InitialContext(env);
 
 
    Test test = (Test)context.lookup(<font color="red">"zert/TestBean/remote"</font>);
 
 
    <font color="navy"><b>return</b></font> <font color="red">"Is administrator: "</font> + test.checkRole();
  <font color="navy">}</font>
 
  ...
<font color="navy">}</font>
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>How ever when I access the same bean the following JSP the method workd correctly and returns true.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><pre class="jive-pre"><code class="jive-code jive-xml"><span class="jive-xml-tag"><?xml version="1.0" encoding="UTF-8"?></span>
<!DOCTYPE html PUBLIC <span class="jive-xml-quote">-//W3C//DTD XHTML 1.1//EN</span> <span class="jive-xml-quote"><a class="jive-link-external-small" href="http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" target="_blank">http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd</a></span>>
<span class="jive-xml-tag"><%@page contentType="text/html; charset=UTF-8" %></span>
<span class="jive-xml-tag"><%@page import="se.zert.test.*"%></span>
<span class="jive-xml-tag"><span><html xmlns="</span><a class="jive-link-external-small" href="http://www.w3.org/1999/xhtml" target="_blank">http://www.w3.org/1999/xhtml</a><span>"></span></span>
  <span class="jive-xml-tag"><head></span>
    <span class="jive-xml-tag"><title></span>Test<span class="jive-xml-tag"></title></span>
  <span class="jive-xml-tag"></head></span>
  <span class="jive-xml-tag"><body></span>
    <span class="jive-xml-tag"><%=TestClient.runTest()%></span>
  <span class="jive-xml-tag"></body></span>
<span class="jive-xml-tag"></html></span>
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Does anyone have a good answer to why the bean reacts different when accessed from outside of JBoss than inside of JBoss?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Thanks in advance!</p><p>/Krister</p></div>
<div style="background-color: #f4f4f4; padding: 10px; margin-top: 20px;">
<p style="margin: 0;">Reply to this message by <a href="http://community.jboss.org/message/603396#603396">going to Community</a></p>
<p style="margin: 0;">Start a new discussion in EJB3 at <a href="http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2029">Community</a></p>
</div></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>