JBoss Community

Re: security in ejb3.1 using jboss 6.0 CR1

created by aravind kopparthi in EJB3

Here is the log that I got (when I enabled debug).

Logged in as admin, expecting that I will get a permission denied when calling getMembers() in SLSB since it is annotated as @RolesAllowed("businessowner").

user=admin
roles=HttpInvoker,JBossAdmin,WebAppUser

REST/WEB-REQUEST

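import java.util.List;
import javax.ejb.EJB;
import javax.enterprise.context.RequestScoped;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import com.sak.home.process.SLSBProcessBean;

@Path("/members")
@RequestScoped
public class MemberRESTService
{
      // Injected no-interface view of the stateless session bean
      @EJB
      private SLSBProcessBean memberBean;

      @GET
      @Produces(MediaType.APPLICATION_XML)
      public List<Member> findMember() {
            return memberBean.getMembers();
      }
}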

-----------EJB----------

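import java.util.List;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

@Stateless
public class SLSBProcessBean {

      // Only callers in the "businessowner" role should be allowed to invoke this method
      @RolesAllowed("businessowner")
      public List getMembers()
      {
            //Business Logic
            return members;
      }
}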

config

META-INF/Jboss.xml

<jboss>
    <security-domain>java:/jaas/myapp-secure-domain</security-domain>
</jboss>

WEB-INF/jboss-web.xml

<jboss-web>
  <security-domain>java:/jaas/myapp-secure-domain </security-domain>
</jboss-web>

-----------LOG----------

11:44:16,109 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /javaee6-app/rest/members
11:44:16,109 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] We have cached auth type FORM for principal GenericPrincipal[admin(HttpInvoker,JBossAdmin,WebAppUser,)]
11:44:16,109 DEBUG [org.apache.catalina.realm.RealmBase]   Checking constraint 'SecurityConstraint[All resources]' against GET /rest/members--> false
11:44:16,109 DEBUG [org.apache.catalina.realm.RealmBase]   No applicable constraint located
11:44:16,109 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Not subject to any constraint
11:44:16,109 DEBUG [org.jboss.resteasy.core.SynchronousDispatcher] PathInfo: members
11:44:16,109 DEBUG [org.jboss.resteasy.cdi.CdiConstructorInjector] Beans found for class com.sak.home.service.rest.MemberRESTService : [Managed Bean [class com.sak.home.service.rest.MemberRESTService] with qualifiers [@Any @Default @Exact]]
11:44:16,109 DEBUG [org.jboss.ejb3.ejbref.resolver.ejb30.impl.EJB30MetaDataBasedEjbReferenceResolver] Resolving reference for [EJB Reference: beanInterface 'com.sak.home.process.SLSBProcessBean', beanName '', mappedName 'null'] in org.jboss.metadata.ejb.jboss.JBossMetaData@1f
11:44:16,109 DEBUG [org.jboss.ejb3.ejbref.resolver.ejb30.impl.EJB30MetaDataBasedEjbReferenceResolver] Found match in EJB SLSBProcessBean for [EJB Reference: beanInterface 'com.sak.home.process.SLSBProcessBean', beanName '', mappedName 'null']
11:44:16,109 DEBUG [org.jboss.ejb3.ejbref.resolver.ejb31.impl.EJB31MetaDataBasedEjbReferenceResolver] Found specified beanInterface that is not a direct beanInterface of EJB SLSBProcessBean: com.sak.home.process.SLSBProcessBean
11:44:16,109 DEBUG [org.jboss.metadata.ejb.jboss.jndi.resolver.impl.JNDIPolicyBasedSessionBeanJNDINameResolver] Resolved JNDI Name for Interface com.sak.home.process.SLSBProcessBean of type NO_INTERFACE is SLSBProcessBean/no-interface
11:44:16,109 DEBUG [org.jboss.ejb3.ejbref.resolver.ejb31.impl.EJB31MetaDataBasedEjbReferenceResolver] Resolved JNDI Name for [EJB Reference: beanInterface 'com.sak.home.process.SLSBProcessBean', beanName '', mappedName 'null'] of EJB SLSBProcessBean: SLSBProcessBean/no-interface
