[Security] - Re: java.lang.SecurityException: Denied: caller with subject
by sangeetha.gold
Wolfgang,
Thanks a lot. I have re-solved the issue.... As suggested by you, I have created the beans using EJB 2.1 its working now and also ejb-jar.xml file also incorrect.
To resolve the above issue the ejb-jar.xml file should be as follows:
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar id="ejb-jar_1" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd" version="2.1">
<![CDATA[DSBean generated by eclipse wtp xdoclet extension.]]>
<display-name>DSBean</display-name>
<enterprise-beans>
<!-- Session Beans -->
<![CDATA[An EJB named WlConnectors]]>
<display-name>WlConnectors</display-name>
<ejb-name>WlConnectors</ejb-name>
com.test.jboss.WlConnectorsHome
com.test.jboss.WlConnectors
<local-home>com.test.jboss.WlConnectorsLocalHome</local-home>
com.test.jboss.WlConnectorsLocal
<ejb-class>com.test.jboss.WlConnectorsSession</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
<![CDATA[An EJB named MethodConnectors]]>
<display-name>MethodConnectors</display-name>
<ejb-name>MethodConnectors</ejb-name>
com.test.jboss.MethodConnectorsHome
com.test.jboss.MethodConnectors
<local-home>com.test.jboss.MethodConnectorsLocalHome</local-home>
com.test.jboss.MethodConnectorsLocal
<ejb-class>com.test.jboss.MethodConnectorsSession</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
<![CDATA[An EJB named DSConnectors]]>
<display-name>DSConnectors</display-name>
<ejb-name>DSConnectors</ejb-name>
com.test.jboss.DSConnectorsHome
com.test.jboss.DSConnectors
<local-home>com.test.jboss.DSConnectorsLocalHome</local-home>
com.test.jboss.DSConnectorsLocal
<ejb-class>com.test.jboss.DSConnectorsSession</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
<!--
To add session beans that you have deployment descriptor info for, add
a file to your XDoclet merge directory called session-beans.xml that contains
the markup for those beans.
-->
<!-- Entity Beans -->
<!--
To add entity beans that you have deployment descriptor info for, add
a file to your XDoclet merge directory called entity-beans.xml that contains
the markup for those beans.
-->
<!-- Message Driven Beans -->
<!--
To add message driven beans that you have deployment descriptor info for, add
a file to your XDoclet merge directory called message-driven-beans.xml that contains
the <message-driven></message-driven> markup for those beans.
-->
</enterprise-beans>
<!-- Relationships -->
<!-- Assembly Descriptor -->
<!--
To specify your own assembly descriptor info here, add a file to your
XDoclet merge directory called assembly-descriptor.xml that contains
the <assembly-descriptor></assembly-descriptor> markup.
-->
<assembly-descriptor id="AssemblyDescriptor_1">
<!--
To specify additional security-role elements, add a file in the merge
directory called ejb-security-roles.xml that contains them.
-->
<!-- method permissions -->
<!--
To specify additional method-permission elements, add a file in the merge
directory called ejb-method-permissions.ent that contains them.
-->
<!-- transactions -->
<!--
To specify additional container-transaction elements, add a file in the merge
directory called ejb-container-transactions.ent that contains them.
-->
<!-- finder transactions -->
<!-- message destinations -->
<!--
To specify additional message-destination elements, add a file in the merge
directory called ejb-message-destinations.ent that contains them.
-->
<!-- exclude list -->
<!--
To specify an exclude-list element, add a file in the merge directory
called ejb-exclude-list.xml that contains it.
-->
<security-role>
<role-name>DSBeanRole</role-name>
</security-role>
<security-role>
<role-name>ProtectedMethodGroup</role-name>
</security-role>
<method-permission>
<role-name>DSBeanRole</role-name>
<ejb-name>DSConnectors</ejb-name>
<method-name>*</method-name>
</method-permission>
<method-permission>
<role-name>ProtectedMethodGroup</role-name>
<ejb-name>MethodConnectors</ejb-name>
<method-name>getUserId</method-name>
</method-permission>
<method-permission>
<ejb-name>MethodConnectors</ejb-name>
<method-name>create</method-name>
</method-permission>
<method-permission>
<ejb-name>WlConnectors</ejb-name>
<method-name>*</method-name>
</method-permission>
<container-transaction>
<ejb-name>MethodConnectors</ejb-name>
<method-name>*</method-name>
<trans-attribute>Required</trans-attribute>
</container-transaction>
</assembly-descriptor>
</ejb-jar>
Thanks & Regards,
Sangeetha
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4265006#4265006
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4265006
16 years, 5 months
[JBoss Remoting Users] - Re: Client hangs when get JMS connection factory
by mjjiangbhr
Let me further elaborate this issue:
In our application, there are some Message listeners running on the client side, these message listeners will receive messages from queue/topic deployed in JBoss Messaging
Configuration:
We created our own JMS Connection factory which uses the default remoting connector. As you know, the default remoting connector is configured to use the bisocket transport
During we run our application, we open the JBoss web console to monitor the value of currentClientPoolSize under Jboss.remoting JMX MBean
How to reproduce this issue:
1. Run 5 message listeners in the client side to receive messages from JBoss Messaging, then we monitor the value of currentClientPoolSize, we observe the value is 10
2. After processing several messages, we manually pull out the ethernet cable. After some time, we found the value of currentClientPoolSize is still 10, no any change. (If we killed the process of message listener in client side, then the value of currentClientPoolSize will decrease to 0 immediately)
3. We run another 5 message listeners in client side, then the value of currentClientPoolSize will become 20
4. After we do the same operations above several times, the value of currentClientPoolSize will increase continuously. Once the value of currentClientPoolSize is equal to the MaxPoolSize, then the subsequent incoming client requests will hang, and we will encounter the following exception in server side
| 2009-10-20 18:08:09,655 ERROR [org.jboss.remoting.transport.socket.ServerThread] Worker thread initi
| alization failure
| java.net.SocketException: Connection reset
| at java.net.SocketInputStream.read(SocketInputStream.java:168)
| at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
| at java.io.BufferedInputStream.read(BufferedInputStream.java:235)
| at java.io.FilterInputStream.read(FilterInputStream.java:66)
| at org.jboss.remoting.transport.socket.ServerThread.readVersion(ServerThread.java:859)
| at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:545)
| at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:406)
| at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:173)
|
Conclusion: JBoss Messaging will not close the failure connections if they are caused by manually pulling out ethernet cable. As a result, the value of currentClientPoolSize will increase continuously and finally the new client requests will hang
We found several similar problems in JBoss JIRA as below:
https://jira.jboss.org/jira/browse/JBMESSAGING-1268
https://jira.jboss.org/jira/browse/JBREM-947
https://jira.jboss.org/jira/browse/JBREM-949
In the JBREM-947 and JBREM-949, the remoting wrongly depend on the socket timeout for failure detection, the bug reporter said 'Remoting should not be dependent on the socket timeout for failure detection, the connetion validation and socket timeout should be possible to be configured separately'. According to the JIRA, this issue had been fixed in Remoting 2.2.2. SP8 and 2.4.0.CR2 (Pinto), since it is said 'JBREM-947 - is the proper fix in remoting which will allow us to configure timeouts and validation interval separately'. (stated in JBMESSAGING-1268)
However, according to our test, this issue was not fixed properly. We suspect the Remoting 2.2.3 still wrongly depend on the socket timeout for failure connection detection. So, we tried to change the timeout of bisocket transport from 0 (infinite) to a lower value e.g. 10 seconds, then we repeat the test steps again and observe the jboss web console, fortunately, we found the failure connection will be closed after 10 seconds. In JBREM-947, a daemon thread and validatorPingTimeout parameter are mentioned, we think daemon thread should use parameter validatorPingPeriod and validatorPingTimeout to close the failure connection instead of socket timeout. Thus, we post this to seek your expertise. Please correct us if we are wrong.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4265001#4265001
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4265001
16 years, 5 months
[JBoss Portal Users] - LDAP-Datatype for 'portal.user.enabled'
by aeik
Hi,
i need to save all profile-data for a user in ldap, because the ldap ist used by other applications, too.
everything works fine so far. only saving or changing the value of 'portal.user.enabled' does not work. registering a user fails, because the field could not be created.
When enabling/disabling a user, following error occurs:
| ERROR [IdentityUserBean] updateProfile failed
| org.jboss.portal.identity.IdentityException: Wrong property type. Must be: java.lang.String; and found: java.lang.Boolean
|
System:
anonymous wrote :
| [Server] JBoss (MX MicroKernel) [4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)]
| OpenLDAP: slapd 2.4.9 on debian
|
mapping in profile-config.xml:
| <property>
| <name>portal.user.enabled</name>
| <type>java.lang.Boolean</type>
| <access-mode>read-write</access-mode>
| <usage>mandatory</usage>
| <display-name xml:lang="en">Enabled</display-name>
| <description xml:lang="en">Is user enabled?</description>
| <mapping>
| <database>
| <type>column</type>
| <value>jbp_enabled</value>
| </database>
| <ldap>
| <value>enabled</value>
| </ldap>
| </mapping>
| </property>
|
ldap-schema:
| attributeType ( 2.16.840.1.113730.3.2.94 NAME 'enabled'
| DESC 'userEnabled'
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
|
I've manualy set the value in my ldap. The correct value is displayed in the Portal User Management.
What's wrong with my configuration? Any idea to solve the problem?
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4264999#4264999
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4264999
16 years, 5 months