11:01 a.m.
Davide Tabarelli [http://community.jboss.org/people/giantPM] replied to the discussion
"Security principal propagation accross ejb3 modules"
To view the discussion, visit: http://community.jboss.org/message/544712#544712
--------------------------------------------------------------
Of course ...
I forgot to mention that I've already patched JBoss with the EJB3 Plugin 1.0.19.
Here the security realm configuration in login-config.xml:
<application-policy name="cdrms-realm">
<authentication>
<login-module
code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag="required">
<module-option
name="dsJndiName">java:cimecDS</module-option>
<module-option name="principalsQuery">SELECT
CDRMS_JBOSS_USER(?)</module-option>
<module-option name="rolesQuery">SELECT
'CDRMSRealmUser', 'Roles' FROM RESOURCES_LIST WHERE
NAME=?</module-option>
<module-option
name="hashAlgorithm">MD5</module-option>
<module-option
name="hashEncoding">HEX</module-option>
<module-option
name="ignorePasswordCase">true</module-option>
<module-option name="debug">true</module-option>
</login-module>
<login-module code="org.jboss.security.ClientLoginModule"
flag="required">
<module-option name="debug">true</module-option>
</login-module>
</authentication>
</application-policy>
The Bean A in EJB A:
import ...
@Stateless
@RemoteBinding(jndiBinding = "CDRMS/AuditMessageManager/remote")
@LocalBinding(jndiBinding = "CDRMS/AuditMessageManager/local")
@SecurityDomain("cdrms-realm")
@RolesAllowed({"CDRMSRealmUser"})
public class AuditMessageManagerBean implements AuditMessageManagerRemote,
AuditMessageManagerLocal {
@EJB(mappedName = "CDRMS/AuditEventManager/local")
private AuditEventManager pm;
@Resource
private SessionContext sctx;
// ... business and lifecycle methods ...
public int count() {
log.info( "------------------> Principal = " +
this.sctx.getCallerPrincipal().getName());
return pm.count(); // (1)
}
}
The bean B in EJB B:
import ...
@Stateless
@RemoteBinding(jndiBinding = "CDRMS/AuditEventManager/remote")
@LocalBinding(jndiBinding = "CDRMS/AuditEventManager/local")
@SecurityDomain("cdrms-realm")
@RolesAllowed({"CDRMSRealmUser"})
public class AuditEventManagerBean implements AuditEventManagerLocal,
AuditEventManagerRemote {
@PersistenceContext(unitName = "cimecPU")
private EntityManager em;
@Resource
private SessionContext sctx;
// ... business and lifecycle methods ...
public int count() { //(2)
log.info( "------------------> Principal = " +
this.sctx.getCallerPrincipal().getName());
return ((Long) em.createQuery("select count(o) from AuditEvent as
o").getSingleResult()).intValue();
}
The standalone client main method:
import ...
public static void main(String[] args) {
try {
SecurityClient client = SecurityClientFactory.getSecurityClient();
client.setSimple("vera.aloe", "***");
client.login();
Properties env = new Properties();
env.setProperty(Context.INITIAL_CONTEXT_FACTORY,
"org.jnp.interfaces.NamingContextFactory");
env.setProperty(Context.URL_PKG_PREFIXES,
"org.jnp.interfaces.NamingContextFactory");
env.setProperty(Context.PROVIDER_URL, "jnp://mybindinghost:1099/");
InitialContext ic = new InitialContext(env);
// This ok
AuditEventManager aem = (AuditEventManager)
ic.lookup("CDRMS/AuditEventManager/remote");
System.out.println(aem.count());
// This gives the exception below
AuditMessageManager am = (AuditMessageManager)
ic.lookup("CDRMS/AuditMessageManager/remote");
System.out.println(am.count());
// The same results by using LoginContext & CallbackHandler instead of
SecurityClient
// and from the web tier
} catch (Exception ex) {
Logger.getLogger(SecurityTest.class.getName()).log(Level.SEVERE, null, ex);
}
}
The principal is correct in (2) but is anonymous in (1) ... here the exception trace:
17:51:56,691 DEBUG [ManagerBase](ContainerBackgroundProcessor[StandardEngine[jboss.web]])
Start expire sessions StandardManager at 1274802716691 sessioncount 0
17:51:56,692 DEBUG [ManagerBase](ContainerBackgroundProcessor[StandardEngine[jboss.web]])
End expire sessions StandardManager processingTime 1 expired sessions: 0
17:51:56,692 DEBUG [ManagerBase](ContainerBackgroundProcessor[StandardEngine[jboss.web]])
Start expire sessions StandardManager at 1274802716692 sessioncount 0
17:51:56,692 DEBUG [ManagerBase](ContainerBackgroundProcessor[StandardEngine[jboss.web]])
End expire sessions StandardManager processingTime 0 expired sessions: 0
17:51:59,082 TRACE [cdrms-realm](WorkerThread#0[192.168.185.16:56746]) Begin isValid,
principal:vera.aloe, cache info:
org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@42d31a[Subject(17610996).principals=org.jboss.security.SimplePrincipal@2853698(vera.aloe)org.jboss.security.SimpleGroup@32834360(Roles(members:CDRMSRealmUser)),credential.class=java.lang.String@27845948,expirationTime=1274802911126]
17:51:59,083 TRACE [cdrms-realm](WorkerThread#0[192.168.185.16:56746]) Begin
validateCache,
info=org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@42d31a[Subject(17610996).principals=org.jboss.security.SimplePrincipal@2853698(vera.aloe)org.jboss.security.SimpleGroup@32834360(Roles(members:CDRMSRealmUser)),credential.class=java.lang.String@27845948,expirationTime=1274802911126];credential.class=java.lang.String@27845948
17:51:59,083 TRACE [cdrms-realm](WorkerThread#0[192.168.185.16:56746]) End validateCache,
isValid=true
17:51:59,083 TRACE [cdrms-realm](WorkerThread#0[192.168.185.16:56746]) End isValid, true
17:51:59,083 TRACE [LogAuditProvider](WorkerThread#0[192.168.185.16:56746])
[Success]Source=org.jboss.security.javaee.EJBAuthenticationHelper;principal=vera.aloe;method=count;
17:51:59,083 TRACE [SecurityRolesAssociation](WorkerThread#0[192.168.185.16:56746])
Setting threadlocal:{}
17:51:59,083 TRACE [JBossAuthorizationContext](WorkerThread#0[192.168.185.16:56746])
Control flag for
entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
17:51:59,083 TRACE [EJBPolicyModuleDelegate](WorkerThread#0[192.168.185.16:56746])
method=public int org.cdrms.jpa.managers.AuditEventManagerBean.count(), interface=Remote,
requiredRoles=Roles(CDRMSRealmUser,)
17:51:59,084 TRACE [LogAuditProvider](WorkerThread#0[192.168.185.16:56746])
[Success]Source=org.jboss.security.plugins.javaee.EJBAuthorizationHelper;Exception:=;Resource:=[org.jboss.security.authorization.resources.EJBResource:contextMap={policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@1fb2e99}:method=public
int
org.cdrms.jpa.managers.AuditEventManagerBean.count():ejbMethodInterface=Remote:ejbName=AuditEventManagerBean:ejbPrincipal=vera.aloe:MethodRoles=Roles(CDRMSRealmUser,):securityRoleReferences=null:callerSubject=Subject:
Principal: vera.aloe
Principal: Roles(members:CDRMSRealmUser)
:callerRunAs=null:callerRunAs=null:ejbRestrictionEnforcement=false:ejbVersion=null];policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@1fb2e99;
17:51:59,084 INFO [AuditEventManagerBean](WorkerThread#0[192.168.185.16:56746])
------------------> Principal = vera.aloe
17:51:59,132 TRACE [cdrms-realm](WorkerThread#0[192.168.185.16:56748]) Begin isValid,
principal:vera.aloe, cache info:
org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@42d31a[Subject(17610996).principals=org.jboss.security.SimplePrincipal@2853698(vera.aloe)org.jboss.security.SimpleGroup@32834360(Roles(members:CDRMSRealmUser)),credential.class=java.lang.String@27845948,expirationTime=1274802911126]
17:51:59,132 TRACE [cdrms-realm](WorkerThread#0[192.168.185.16:56748]) Begin
validateCache,
info=org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@42d31a[Subject(17610996).principals=org.jboss.security.SimplePrincipal@2853698(vera.aloe)org.jboss.security.SimpleGroup@32834360(Roles(members:CDRMSRealmUser)),credential.class=java.lang.String@27845948,expirationTime=1274802911126];credential.class=java.lang.String@27845948
17:51:59,132 TRACE [cdrms-realm](WorkerThread#0[192.168.185.16:56748]) End validateCache,
isValid=true
17:51:59,132 TRACE [cdrms-realm](WorkerThread#0[192.168.185.16:56748]) End isValid, true
17:51:59,133 TRACE [LogAuditProvider](WorkerThread#0[192.168.185.16:56748])
[Success]Source=org.jboss.security.javaee.EJBAuthenticationHelper;principal=vera.aloe;method=count;
17:51:59,133 TRACE [SecurityRolesAssociation](WorkerThread#0[192.168.185.16:56748])
Setting threadlocal:{}
17:51:59,133 TRACE [JBossAuthorizationContext](WorkerThread#0[192.168.185.16:56748])
Control flag for
entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
17:51:59,133 TRACE [EJBPolicyModuleDelegate](WorkerThread#0[192.168.185.16:56748])
method=public int org.cdrms.audit.AuditMessageManagerBean.count(), interface=Remote,
requiredRoles=Roles(CDRMSRealmUser,)
17:51:59,133 TRACE [LogAuditProvider](WorkerThread#0[192.168.185.16:56748])
[Success]Source=org.jboss.security.plugins.javaee.EJBAuthorizationHelper;Exception:=;Resource:=[org.jboss.security.authorization.resources.EJBResource:contextMap={policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@1fb2e99}:method=public
int
org.cdrms.audit.AuditMessageManagerBean.count():ejbMethodInterface=Remote:ejbName=AuditMessageManagerBean:ejbPrincipal=vera.aloe:MethodRoles=Roles(CDRMSRealmUser,):securityRoleReferences=null:callerSubject=Subject:
Principal: vera.aloe
Principal: Roles(members:CDRMSRealmUser)
:callerRunAs=null:callerRunAs=null:ejbRestrictionEnforcement=false:ejbVersion=null];policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@1fb2e99;
17:51:59,139 TRACE [messaging](WorkerThread#0[192.168.185.16:56748]) Begin isValid,
principal:null, cache info:
org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@11603fa[Subject(29654441).principals=org.jboss.security.SimplePrincipal@2853698(guest)org.jboss.security.SimpleGroup@32834360(Roles(members:john,guest,j2ee)),credential.class=null,expirationTime=1274802858447]
17:51:59,140 TRACE [messaging](WorkerThread#0[192.168.185.16:56748]) Begin validateCache,
info=org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@11603fa[Subject(29654441).principals=org.jboss.security.SimplePrincipal@2853698(guest)org.jboss.security.SimpleGroup@32834360(Roles(members:john,guest,j2ee)),credential.class=null,expirationTime=1274802858447];credential.class=null
17:51:59,140 TRACE [messaging](WorkerThread#0[192.168.185.16:56748]) End validateCache,
isValid=true
17:51:59,140 TRACE [messaging](WorkerThread#0[192.168.185.16:56748]) End isValid, true
17:51:59,140 TRACE [SecurityAssociation](WorkerThread#0[192.168.185.16:56748])
popSubjectContext, sc=null
17:51:59,140 TRACE [SecurityAssociation](WorkerThread#0[192.168.185.16:56748])
WARN::Deprecated usage of SecurityAssociation. Use SecurityContext
17:51:59,141 TRACE [cdrms-realm](WorkerThread#0[192.168.185.16:56748]) getPrincipal, cache
info: null
17:51:59,141 INFO [AuditMessageManagerBean](WorkerThread#0[192.168.185.16:56748])
------------------> Principal = anonymous
17:51:59,141 TRACE [SecurityRolesAssociation](WorkerThread#0[192.168.185.16:56748])
Setting threadlocal:{}
17:51:59,142 TRACE [JBossAuthorizationContext](WorkerThread#0[192.168.185.16:56748])
Control flag for
entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
17:51:59,142 TRACE [EJBPolicyModuleDelegate](WorkerThread#0[192.168.185.16:56748])
method=public int org.cdrms.jpa.managers.AuditEventManagerBean.count(), interface=Local,
requiredRoles=Roles(CDRMSRealmUser,)
17:51:59,142 TRACE [EJBPolicyModuleDelegate](WorkerThread#0[192.168.185.16:56748])
Exception:Insufficient method permissions, principal=null, ejbName=AuditEventManagerBean,
method=count, interface=Local, requiredRoles=Roles(CDRMSRealmUser,),
principalRoles=Roles()
17:51:59,144 TRACE [JBossAuthorizationContext](WorkerThread#0[192.168.185.16:56748])
REQUIRED failed for
Name=org.jboss.security.authorization.modules.DelegatingAuthorizationModule:subject=Subject:
Principal: anonymous
:role=Roles()
17:51:59,144 TRACE [JBossAuthorizationContext](WorkerThread#0[192.168.185.16:56748]) Error
in authorize:
org.jboss.security.authorization.AuthorizationException: Authorization Failed:
at
org.jboss.security.plugins.authorization.JBossAuthorizationContext.invokeAuthorize(JBossAuthorizationContext.java:263)
at
org.jboss.security.plugins.authorization.JBossAuthorizationContext.access$000(JBossAuthorizationContext.java:67)
at
org.jboss.security.plugins.authorization.JBossAuthorizationContext$1.run(JBossAuthorizationContext.java:152)
at java.security.AccessController.doPrivileged(Native Method)
at
org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:148)
at
org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:474)
at
org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:124)
at
org.jboss.security.plugins.javaee.EJBAuthorizationHelper.authorize(EJBAuthorizationHelper.java:116)
at
org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:189)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.interceptor.EJB3TCCLInterceptor.invoke(EJB3TCCLInterceptor.java:86)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:182)
at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:240)
at
org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:188)
at $Proxy786.count(Unknown Source)
at org.cdrms.audit.AuditMessageManagerBean.count(AuditMessageManagerBean.java:303)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
at
org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
at
org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:76)
at
org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:62)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
at
org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_6749397.invoke(InvocationContextInterceptor_z_fillMethod_6749397.java)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
at
org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_6749397.invoke(InvocationContextInterceptor_z_setup_6749397.java)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:190)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.security.RunAsSecurityInterceptorv2.invoke(RunAsSecurityInterceptorv2.java:94)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.interceptor.EJB3TCCLInterceptor.invoke(EJB3TCCLInterceptor.java:86)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:438)
at
org.jboss.ejb3.session.InvokableContextClassProxyHack._dynamicInvoke(InvokableContextClassProxyHack.java:53)
at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:91)
at
org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:891)
at
org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:744)
at
org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:697)
at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:524)
at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:232)
17:51:59,147 TRACE [EJBAuthorizationHelper](WorkerThread#0[192.168.185.16:56748]) Error in
authorization:
org.jboss.security.authorization.AuthorizationException: Authorization Failed:
at
org.jboss.security.plugins.authorization.JBossAuthorizationContext.invokeAuthorize(JBossAuthorizationContext.java:263)
at
org.jboss.security.plugins.authorization.JBossAuthorizationContext.access$000(JBossAuthorizationContext.java:67)
at
org.jboss.security.plugins.authorization.JBossAuthorizationContext$1.run(JBossAuthorizationContext.java:152)
at java.security.AccessController.doPrivileged(Native Method)
at
org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:148)
at
org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:474)
at
org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:124)
at
org.jboss.security.plugins.javaee.EJBAuthorizationHelper.authorize(EJBAuthorizationHelper.java:116)
at
org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:189)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.interceptor.EJB3TCCLInterceptor.invoke(EJB3TCCLInterceptor.java:86)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:182)
at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:240)
at
org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:188)
at $Proxy786.count(Unknown Source)
at org.cdrms.audit.AuditMessageManagerBean.count(AuditMessageManagerBean.java:303)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
at
org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
at
org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:76)
at
org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:62)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
at
org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_6749397.invoke(InvocationContextInterceptor_z_fillMethod_6749397.java)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
at
org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_6749397.invoke(InvocationContextInterceptor_z_setup_6749397.java)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:190)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.security.RunAsSecurityInterceptorv2.invoke(RunAsSecurityInterceptorv2.java:94)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.interceptor.EJB3TCCLInterceptor.invoke(EJB3TCCLInterceptor.java:86)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:438)
at
org.jboss.ejb3.session.InvokableContextClassProxyHack._dynamicInvoke(InvokableContextClassProxyHack.java:53)
at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:91)
at
org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:891)
at
org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:744)
at
org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:697)
at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:524)
at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:232)
17:51:59,149 TRACE [LogAuditProvider](WorkerThread#0[192.168.185.16:56748])
[Error]Source=org.jboss.security.plugins.javaee.EJBAuthorizationHelper;Exception:=Authorization
Failed:
;Resource:=[org.jboss.security.authorization.resources.EJBResource:contextMap={policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@1fb2e99}:method=public
int
org.cdrms.jpa.managers.AuditEventManagerBean.count():ejbMethodInterface=Local:ejbName=AuditEventManagerBean:ejbPrincipal=null:MethodRoles=Roles(CDRMSRealmUser,):securityRoleReferences=null:callerSubject=Subject:
Principal: anonymous
:callerRunAs=null:callerRunAs=null:ejbRestrictionEnforcement=false:ejbVersion=null];policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@1fb2e99;
I addition: I've tried both with and without specifying to use caller identity in
ejb-jar.xml descriptors as follows:
EJB A:
<ejb-jar xmlns = "http://java.sun.com/xml/ns/javaee"
version = "3.0"
xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation = "http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd">
<enterprise-beans>
<session>
<ejb-name>AuditEventManagerBean</ejb-name>
<security-identity>
<use-caller-identity/>
</security-identity>
</session>
</enterprise-beans>
</ejb-jar>
EJB B:
<ejb-jar xmlns = "http://java.sun.com/xml/ns/javaee"
version = "3.0"
xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation = "http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd">
<enterprise-beans>
<session>
<ejb-name>AuditMessageManagerBean</ejb-name>
<security-identity>
<use-caller-identity/>
</security-identity>
</session>
</enterprise-beans>
</ejb-jar>
Thank you very much in advance.
D.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/544712#544712]
Start a new discussion in EJB 3.0 at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&...]
5325
days inactive
5325
days old
0 comments
1 participants
participants (1)
-
Davide Tabarelli