[
https://issues.jboss.org/browse/EJBTHREE-2272?page=com.atlassian.jira.plu...
]
arjan tijms commented on EJBTHREE-2272:
---------------------------------------
There's a workaround, but it's a little nasty:
From the @PostConstruct method, send a JMS message to a queue on which
an MDB is listening. Put the MDB into the same securitydomain as the Singleton and also
use the @RunAs annotation. Inject the MDB with the singleton, and call it back. From the
callback, do the original call.
{code}
@Startup
@Singleton
@RunAs("Foo")
@SecurityDomain("mydomain")
public class MySingleton {
@EJB
private MyProtectedBean bean;
@Resource(mappedName="java:/JmsXA")
private ConnectionFactory connectionFactory;
@Resource(mappedName="/queue/mySingletonCallbackQueue")
private Destination destination;
@PostConstruct
public void init() {
// typical verbose code to send JMS message
}
public void callBack() {
bean.protectedMethod();
}
}
@RunAs("Foo")
@SecurityDomain("mydomain")
@MessageDriven(
activationConfig = {
@ActivationConfigProperty(propertyName = "destinationType",
propertyValue = "javax.jms.Queue"),
@ActivationConfigProperty(propertyName = "destination", propertyValue =
"/queue/mySingletonCallbackQueue")
}
)
public class MySingletonCallbackListener implements MessageListener {
@EJB
private MySingleton mySingleton;
@Override
public void onMessage(Message message) {
mySingleton.callBack();
}
}
{code}
It's a bit of a hassle to create an MDB + queue for every Singleton, but you could
perhaps generalize it a little by having singletons implement a general interface and then
sending a text message with the JNDI name of the bean. The MDB can then do general
callbacks.
@Startup @Singleton beans can not call protected EJBs
-----------------------------------------------------
Key: EJBTHREE-2272
URL:
https://issues.jboss.org/browse/EJBTHREE-2272
Project: EJB 3.0
Issue Type: Bug
Components: Security
Reporter: henk de boer
In both JBoss AS 6.10 and JBoss AS 7.02, an @Startup and @Singleton session bean is not
able to call an injected EJB from its @PostConstruct method that is protected via either
the @SecurityDomain annotation, or via a META-INF/jboss.xml that defines a security domain
for the entire EJB module.
On JBoss AS 6.10, the following exception occurs:
{code}
Caused by: java.lang.IllegalStateException: Local Call: Security Context is null
at
org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:109)
[:1.7.21]
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
[jboss-aop.jar:2.2.2.GA]
at
org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
[:1.7.21]
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
[jboss-aop.jar:2.2.2.GA]
at
org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
[:1.7.21]
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
[jboss-aop.jar:2.2.2.GA]
at
org.jboss.ejb3.core.context.CurrentInvocationContextInterceptor.invoke(CurrentInvocationContextInterceptor.java:47)
[:1.7.21]
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
[jboss-aop.jar:2.2.2.GA]
at
org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
[:1.0.1]
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
[jboss-aop.jar:2.2.2.GA]
at
org.jboss.ejb3.interceptor.EJB3TCCLInterceptor.invoke(EJB3TCCLInterceptor.java:86)
[:1.7.21]
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
[jboss-aop.jar:2.2.2.GA]
at
org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:333)
[:1.7.21]
at
org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:158)
[:1.7.21]
at
org.jboss.ejb3.nointerface.impl.invocationhandler.NoInterfaceViewInvocationHandler.invokeEndpoint(NoInterfaceViewInvocationHandler.java:143)
[:6.1.0.Final]
at
org.jboss.ejb3.nointerface.impl.invocationhandler.NoInterfaceViewInvocationHandler.access$000(NoInterfaceViewInvocationHandler.java:54)
[:6.1.0.Final]
at
org.jboss.ejb3.nointerface.impl.invocationhandler.NoInterfaceViewInvocationHandler$1.invoke(NoInterfaceViewInvocationHandler.java:103)
[:6.1.0.Final]
at
org.jboss.ejb3.sis.reflect.InterceptorInvocationHandler$1.proceed(InterceptorInvocationHandler.java:84)
[:1.0.0-alpha-1]
at
org.jboss.ejb3.sis.InterceptorAssembly$1.proceed(InterceptorAssembly.java:82)
[:1.0.0-alpha-1]
at
org.jboss.ejb3.nointerface.impl.async.AsyncClientInterceptor.invoke(AsyncClientInterceptor.java:119)
[:6.1.0.Final]
at
org.jboss.ejb3.sis.InterceptorAssembly$1.proceed(InterceptorAssembly.java:74)
[:1.0.0-alpha-1]
at
org.jboss.ejb3.nointerface.impl.invocationhandler.ObjectMethodsInterceptor.invoke(ObjectMethodsInterceptor.java:78)
[:6.1.0.Final]
at
org.jboss.ejb3.sis.InterceptorAssembly$1.proceed(InterceptorAssembly.java:74)
[:1.0.0-alpha-1]
at org.jboss.ejb3.sis.InterceptorAssembly.invoke(InterceptorAssembly.java:90)
[:1.0.0-alpha-1]
at
org.jboss.ejb3.sis.reflect.InterceptorInvocationHandler.invoke(InterceptorInvocationHandler.java:110)
[:1.0.0-alpha-1]
at
org.jboss.ejb3.nointerface.impl.invocationhandler.NoInterfaceViewInvocationHandler.invoke(NoInterfaceViewInvocationHandler.java:115)
[:6.1.0.Final]
at
org.jboss.ejb3.proxy.javassist.JavassistInvocationHandlerAdapter.invoke(JavassistInvocationHandlerAdapter.java:71)
[:1.0.0]
at
com.example.RolesTestEJB_$$_javassist_3.securedMethod(RolesTestEJB_$$_javassist_3.java)
at
com.example.RolesTestStartupSingleton.init(RolesTestStartupSingleton.java:19)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_20]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_20]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[:1.6.0_20]
at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_20]
at
org.jboss.ejb3.interceptors.aop.LifecycleCallbackBeanMethodInterceptor.invoke(LifecycleCallbackBeanMethodInterceptor.java:69)
[:1.1.3]
at
org.jboss.aop.joinpoint.ConstructionInvocation.invokeNext(ConstructionInvocation.java:80)
[jboss-aop.jar:2.2.2.GA]
at
org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
[:1.7.21]
at
org.jboss.aop.joinpoint.ConstructionInvocation.invokeNext(ConstructionInvocation.java:80)
[jboss-aop.jar:2.2.2.GA]
at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42) [:1.0.4]
at
org.jboss.aop.joinpoint.ConstructionInvocation.invokeNext(ConstructionInvocation.java:80)
[jboss-aop.jar:2.2.2.GA]
at
org.jboss.ejb3.singleton.aop.impl.ConstructionInvocationContextAdapter.proceed(ConstructionInvocationContextAdapter.java:106)
[:1.0.2]
at
org.jboss.ejb3.tx2.impl.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:247)
[:0.0.2]
... 119 more
{code}
and in 7.02:
{code}
Caused by: javax.ejb.EJBAccessException: Invocation on method: public void
com.example.RolesTestEJB.securedMethod() of bean: RolesTestEJB is not allowed
at
org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:109)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at
org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:68)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:146)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:76)
at com.example.RolesTestEJB$$$view2.securedMethod(Unknown Source)
at com.example.RolesTestStartupSingleton.init(RolesTestStartupSingleton.java:19)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_20]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[:1.6.0_20]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[:1.6.0_20]
at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_20]
at
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptor.java:70)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at
org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptor.java:65)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at
org.jboss.as.ee.component.ManagedReferenceInterceptor.processInvocation(ManagedReferenceInterceptor.java:53)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:44)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at
org.jboss.as.ejb3.component.session.SessionInvocationContextInterceptor$CustomSessionInvocationContext.proceed(SessionInvocationContextInterceptor.java:126)
at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:211)
at org.jboss.as.ejb3.tx.CMTTxInterceptor.requiresNew(CMTTxInterceptor.java:313)
at
org.jboss.as.ejb3.tx.SingletonLifecycleCMTTxInterceptor.processInvocation(SingletonLifecycleCMTTxInterceptor.java:56)
at
org.jboss.as.ejb3.tx.SingletonLifecycleCMTTxInterceptor.processInvocation(SingletonLifecycleCMTTxInterceptor.java:42)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at
org.jboss.as.ejb3.component.session.SessionInvocationContextInterceptor.processInvocation(SessionInvocationContextInterceptor.java:71)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
at
org.jboss.as.ee.component.BasicComponent.constructComponentInstance(BasicComponent.java:152)
... 9 more
{code}
Additionally, an @WebListener class is also not able to call such a bean and the same
exception will result.
The exact same code (see forum reference) runs correctly on GlassFish 3.1.1.
After the server has completely started, a Servlet is able to call the secured bean
correctly. This makes this issue resemble JBAS-8895 a little.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira