[Security] - Caller unauthorized on using a ejb3 statetlesssessionbean fr - jboss-user

Thursday, 1 October 2009

Hi everybody,

I have a big problem using JAAS in JBoss 5.1.0GA, which I try to solve about 2 days (my
employer is not very amused of that...). I use a own JASSLoginModule to authenticate a
user on a LDAP directory. The roleSet is fetched from a database. This part works as I can
see and give me the result  - "AdminUser".

But now when I call a EJB stateless session bean, I always get the Caller unauthorized
error (Stacktrace is at bottom of the message).

Can anybody give me a hint whats wrong.

The Constants in the @RolesAllowed has "AdminUser" in the list. The class is
also attached at the end of the message

  | javax.ejb.EJBAccessException: Caller unauthorized
  |         at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(Ro
  | leBasedAuthorizationInterceptorv2.java:199)
  |         at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
  | java:102)
  |         at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3Au
  | thenticationInterceptorv2.java:186)
  |         at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
  | java:102)
  |         at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterce
  | ptor.java:41)
  |         at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
  | java:102)
  |         at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContaine
  | rShutdownInterceptor.java:67)
  |         at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
  | java:102)
  |         at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invo
  | ke(CurrentInvocationInterceptor.java:67)
  |         at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
  | java:102)
  |         at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContain
  | er.java:176)
  |         at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContain
  | er.java:216)
  |         at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandl
  | erBase.invoke(SessionProxyInvocationHandlerBase.java:207)
  |         at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandl
  | erBase.invoke(SessionProxyInvocationHandlerBase.java:164)
  |         at $Proxy1287.getAllUsers(Unknown Source)
  |         at vwg.yyy.cancard.ui.action.Usermanagement.Usermanagement.list(Userman
  | agement.java:41)
  |         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
  | java:39)
  |         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
  | sorImpl.java:25)
  |         at java.lang.reflect.Method.invoke(Method.java:597)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invokeAction(DefaultA
  | ctionInvocation.java:404)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invokeActionOnly(Defa
  | ultActionInvocation.java:267)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:229)
  |         at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doInte
  | rcept(DefaultWorkflowInterceptor.java:221)
  |         at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
  | (MethodFilterInterceptor.java:86)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(V
  | alidationInterceptor.java:150)
  |         at org.apache.struts2.interceptor.validation.AnnotationValidationInterce
  | ptor.doIntercept(AnnotationValidationInterceptor.java:48)
  |         at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
  | (MethodFilterInterceptor.java:86)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.interc
  | ept(ConversionErrorInterceptor.java:123)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept
  | (ParametersInterceptor.java:167)
  |         at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
  | (MethodFilterInterceptor.java:86)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.inter
  | cept(StaticParametersInterceptor.java:105)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at org.apache.struts2.interceptor.CheckboxInterceptor.intercept(Checkbox
  | Interceptor.java:83)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUp
  | loadInterceptor.java:207)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(
  | ModelDrivenInterceptor.java:74)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.inte
  | rcept(ScopedModelDrivenInterceptor.java:127)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at org.apache.struts2.interceptor.ProfilingActivationInterceptor.interce
  | pt(ProfilingActivationInterceptor.java:107)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at org.apache.struts2.interceptor.debugging.DebuggingInterceptor.interce
  | pt(DebuggingInterceptor.java:206)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(Cha
  | iningInterceptor.java:115)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInt
  | erceptor.java:143)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(Pr
  | epareInterceptor.java:121)
  |         at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
  | (MethodFilterInterceptor.java:86)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(Ser
  | vletConfigInterceptor.java:170)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasI
  | nterceptor.java:123)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.inter
  | cept(ExceptionMappingInterceptor.java:176)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at vwg.yyy.cancard.ui.interceptor.RolecheckUsermanagerInterceptor.conti
  | nueAction(RolecheckUsermanagerInterceptor.java:86)
  |         at vwg.yyy.cancard.ui.interceptor.RolecheckUsermanagerInterceptor.inter
  | cept(RolecheckUsermanagerInterceptor.java:71)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at vwg.yyy.cancard.ui.interceptor.JAASLoginInterceptor.intercept(JAASLo
  | ginInterceptor.java:78)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doInte
  | rcept(DefaultWorkflowInterceptor.java:221)
  |         at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
  | (MethodFilterInterceptor.java:86)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(V
  | alidationInterceptor.java:150)
  |         at org.apache.struts2.interceptor.validation.AnnotationValidationInterce
  | ptor.doIntercept(AnnotationValidationInterceptor.java:48)
  |         at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
  | (MethodFilterInterceptor.java:86)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.interc
  | ept(ConversionErrorInterceptor.java:123)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept
  | (ParametersInterceptor.java:167)
  |         at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
  | (MethodFilterInterceptor.java:86)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.inter
  | cept(StaticParametersInterceptor.java:105)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at org.apache.struts2.interceptor.CheckboxInterceptor.intercept(Checkbox
  | Interceptor.java:83)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUp
  | loadInterceptor.java:207)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(
  | ModelDrivenInterceptor.java:74)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(Cha
  | iningInterceptor.java:115)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInt
  | erceptor.java:143)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(Pr
  | epareInterceptor.java:121)
  |         at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
  | (MethodFilterInterceptor.java:86)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(Ser
  | vletConfigInterceptor.java:170)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept
  | (ParametersInterceptor.java:167)
  |         at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
  | (MethodFilterInterceptor.java:86)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasI
  | nterceptor.java:123)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.inter
  | cept(ExceptionMappingInterceptor.java:176)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at vwg.yyy.cancard.ui.interceptor.RedirectMessageInterceptor.doIntercep
  | t(RedirectMessageInterceptor.java:51)
  |         at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
  | (MethodFilterInterceptor.java:86)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:224)
  |         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
  | ActionInvocation.java:223)
  |         at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
  | erStack.java:455)
  |         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
  | nvocation.java:221)
  |         at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.j
  | ava:50)
  |         at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.jav
  | a:504)
  |         at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatc
  | her.java:419)
  |         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
  | icationFilterChain.java:235)
  |         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
  | ilterChain.java:206)
  |         at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFi
  | lter.java:96)
  |         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
  | icationFilterChain.java:235)
  |         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
  | ilterChain.java:206)
  |         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
  | alve.java:235)
  |         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
  | alve.java:191)
  |         at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Securit
  | yAssociationValve.java:190)
  |         at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValv
  | e.java:92)
  |         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.proce
  | ss(SecurityContextEstablishmentValve.java:126)
  |         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invok
  | e(SecurityContextEstablishmentValve.java:70)
  |         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
  | ava:127)
  |         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
  | ava:102)
  |         at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedC
  | onnectionValve.java:158)
  |         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
  | ve.java:109)
  |         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
  | a:330)
  |         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
  | :829)
  |         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proce
  | ss(Http11Protocol.java:598)
  |         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:44
  | 7)
  |         at java.lang.Thread.run(Thread.java:619)

UserFacadeBean.java:

  | /**
  |  * 
  |  */
  | package vwg.yyy.cancard.business.facade;
  | 
  | import java.util.ArrayList;
  | import java.util.List;
  | import java.util.Set;
  | 
  | import javax.annotation.PostConstruct;
  | import javax.annotation.Resource;
  | import javax.annotation.security.RolesAllowed;
  | import javax.annotation.security.RunAs;
  | import javax.ejb.EJB;
  | import javax.ejb.Local;
  | import javax.ejb.Remote;
  | import javax.ejb.SessionContext;
  | import javax.ejb.Stateless;
  | import javax.persistence.EntityExistsException;
  | import javax.persistence.EntityNotFoundException;
  | import javax.security.auth.Subject;
  | import javax.security.jacc.PolicyContext;
  | import javax.security.jacc.PolicyContextException;
  | 
  | import org.apache.log4j.Logger;
  | import org.hibernate.exception.ConstraintViolationException;
  | import org.jboss.ejb3.annotation.SecurityDomain;
  | import org.jboss.security.auth.spi.ADLoginIdentifier;
  | 
  | import vwg.yyy.cancard.ApplicationConstants;
  | import vwg.yyy.cancard.MyApplicationException;
  | import vwg.yyy.cancard.business.user.TooManyHitsException;
  | import vwg.yyy.cancard.dao.ApplicationRoleDao;
  | import vwg.yyy.cancard.dao.ApplicationUserDao;
  | import vwg.yyy.cancard.dao.DAOFactory;
  | import vwg.yyy.cancard.ldap.LDAPSearcher;
  | import vwg.yyy.cancard.model.basic.ApplicationRole;
  | import vwg.yyy.cancard.model.basic.ApplicationUser;
  | 
  | 
  | /**
  |  * Implementation of user service interface.
  |  * 
  |  * @author Michael Obster (michael.obster(a)epos-cat.de)
  |  */
  | @SecurityDomain("java:/jaas/cancardDomain")
  | @RolesAllowed({ApplicationConstants.ROLE_ADMIN, ApplicationConstants.ROLE_NORMAL,
"internal"})
  | @RunAs("internal")
  | @Local({UserFacade.class})
  | @Remote({UserFacadeRemote.class})
  | @Stateless
  | public class UserFacadeBean implements UserFacade {
  | 	private static final String SUBJECT_CONTEXT_KEY =
"javax.security.auth.Subject.container";
  | 	
  | 	private static Logger log = Logger.getLogger(UserFacadeBean.class);
  | 	
  | 	/**
  |      * Session context for security checks.
  |      */
  |     @Resource
  |     private SessionContext ctx;
  | 	
  | 	@EJB
  | 	private DAOFactory daoFactory;
  | 	
  |     private ApplicationUserDao userDao;
  |     private ApplicationRoleDao roleDao;
  |     
  | 	/**
  | 	 * Inits the daos.
  | 	 */
  | 	@PostConstruct
  | 	public void initDao() {
  | 		userDao = daoFactory.getApplicationUserDao();
  |         roleDao = daoFactory.getApplicationRoleDao();
  | 	}
  | 
  |     public List<ApplicationUser> getAllUsers() {
  |         return userDao.findAllOrdered("lastname, firstname");
  |     }
  | 
  |     public ApplicationUser saveUser(ApplicationUser user, boolean updateZebra) {
  |         if (updateZebra) {
  |             // Update current user from zebra
  |             LDAPSearcher searcher = new LDAPSearcher();
  |             searcher.updateUserAD(user);
  |         }
  |         return userDao.merge(user);
  |     }
  | 
  |     public boolean deleteUser(String gid) {
  |         try {
  |             userDao.remove(gid);
  |         } catch (EntityNotFoundException e) {
  |             log.debug(e);
  |             throw new MyApplicationException("db.alreadydeleted");
  |         } catch (EntityExistsException e) {
  |             log.debug(e.getCause());
  |             if (e.getCause() instanceof ConstraintViolationException) {
  |                 // User still used elsewhere
  |                 throw new MyApplicationException("db.stillused");
  |             }
  |             else {
  |                 // Should never happen
  |                 throw (EntityExistsException) e.fillInStackTrace();
  |             }
  |         }
  |         return true;
  |     }
  | 
  |     public ApplicationUser findUserById(String userId) throws EntityNotFoundException
{
  |         return userDao.findById(userId);
  |     }
  |     
  |     public ApplicationUser findFullUserById(String userId) throws
EntityNotFoundException {
  |         ApplicationUser user = userDao.findById(userId);
  |         return userDao.fetchFullUser(user);
  |     }
  | 
  |     public List<ApplicationRole> getAllRoles() {
  |         return roleDao.findAllOrdered("reihe");
  |     }
  | 
  |     public List<ApplicationUser> findDirectoryUsers(ApplicationUser user) 
  |     		throws TooManyHitsException {
  |         LDAPSearcher searcher = new LDAPSearcher();
  |         return searcher.findByCriteriaAD(user);
  |     }
  | 
  |     public ApplicationUser findDirectoryUser(String userId) {
  |         LDAPSearcher searcher = new LDAPSearcher();
  |         ApplicationUser user = new ApplicationUser();
  |         user.setId(userId);
  |         searcher.updateUserAD(user);
  |         return user;
  |     }
  | 
  | 	@Override
  | 	public List<ApplicationUser> findByCriteria(String firstname, 
  | 			String lastname, String department, String phone,
  | 			String email, String id) {
  | 		LDAPSearcher searcher = new LDAPSearcher();
  | 		return searcher.findByCriteria(firstname, lastname, 
  | 				department, phone, email, id);
  | 	}
  | 
  | 	@Override
  | 	public List<ApplicationRole> getRolesNotUser(ApplicationUser user) {
  | 		user = userDao.fetchFullUser(user);
  | 		return roleDao.findNonRolesOfUser(user);
  | 	}
  | 
  | 	@Override
  | 	public List<ApplicationRole> getUserRoles(ApplicationUser user) {
  | 		user = userDao.fetchFullUser(user);
  | 		return new ArrayList<ApplicationRole>(user.getRole());
  | 	}
  | 
  | 	@Override
  | 	public boolean addRole(ApplicationRole role, ApplicationUser user) {
  | 		user = userDao.fetchFullUser(user);
  | 		return userDao.linkRoleToUser(role, user);
  | 	}
  | 
  | 	@Override
  | 	public boolean deleteRole(ApplicationRole role, ApplicationUser user) {
  | 		user = userDao.fetchFullUser(user);
  | 		return userDao.unlinkRoleToUser(role, user);
  | 	}
  | 
  | 	@Override
  | 	public ApplicationRole findRoleById(String roleId)
  | 			throws EntityNotFoundException {
  | 		return roleDao.findById(roleId);
  | 	}
  | 	
  | 	public void updateUser() throws MyApplicationException {
  |         // Get user from DB
  |         LDAPSearcher searcher = new LDAPSearcher();
  |         ApplicationUser dbUser=null;
  |         try {
  |         	dbUser = userDao.findById(getUserId(ctx));
  |         }
  |         catch(EntityNotFoundException e) {
  |             throw new MyApplicationException("User not found in database.",
e);
  |         }
  |         
  |         // Get current user data from zebra
  | //        searcher.updateUserAD(dbUser);
  | 
  |         // Save user
  | //        userDao.merge(dbUser);
  |     }
  |     
  |     /**
  |      * Static helper method: Get userId from EJB context.
  |      * 
  |      * @param ctx SessionContext for no-ad-case
  |      * @return userId
  |      */
  |     public static String getUserId(SessionContext ctx) {
  |         try {
  |             Subject subject = (Subject)
PolicyContext.getContext(UserFacadeBean.SUBJECT_CONTEXT_KEY);
  |             Set<ADLoginIdentifier> pc =
subject.getPublicCredentials(ADLoginIdentifier.class);
  |             if (pc == null || pc.isEmpty()) {
  |                 /*
  |                  * Should only happen in JUnit case, return user name as GID
  |                  * NOT dangerous because:
  |                  * - Spiider is the only login method on production server
  |                  * - The following update from Zebra will fail and throw an Exception
  |                  */
  |                 log.warn("Logging in without ADLoginIdentifier, should only
happen in JUnit test!");
  |                 return ctx.getCallerPrincipal().getName();
  |             }
  |             else {
  |                 return pc.iterator().next().getUserId();
  |             }
  |         } catch (PolicyContextException e) {
  |             throw new MyApplicationException("Jaas subject could not be
retrieved.", e);
  |         }
  |     }
  | 
  | 	@Override
  | 	public boolean userHasRole(ApplicationRole role, ApplicationUser user) {
  | 		user = userDao.fetchFullUser(user);
  | 		Set<ApplicationRole> roles = user.getRole();
  | 		if (roles.contains(role)) {
  | 			return true;
  | 		}
  | 		else {
  | 			return false;
  | 		}
  | 	}
  | 
  | 	@Override
  | 	public ApplicationRole getRolesById(String roleid) {
  | 		ApplicationRole role = roleDao.findById(roleid);
  | 		return role;
  | 	}
  | 
  | }
  | 

View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4258089#...

Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[Security] - Caller unauthorized on using a ejb3 statetlesssessionbean fr