[jboss-jira] [JBoss JIRA] (AS7-2942) when EJB method called from application client with proper authorization call is wrongly denied
Jason Greene (JIRA)
jira-events at lists.jboss.org
Thu Feb 9 12:38:50 EST 2012
[ https://issues.jboss.org/browse/AS7-2942?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jason Greene resolved AS7-2942.
-------------------------------
Resolution: Done
> when EJB method called from application client with proper authorization call is wrongly denied
> -----------------------------------------------------------------------------------------------
>
> Key: AS7-2942
> URL: https://issues.jboss.org/browse/AS7-2942
> Project: Application Server 7
> Issue Type: Bug
> Components: EJB, Security
> Affects Versions: 7.1.0.Beta1
> Reporter: Peter Skopek
> Assignee: Jason Greene
> Priority: Blocker
> Labels: eap6_prd_req
> Fix For: 7.1.0.Final
>
>
> When calling EJB method from client with authenticated user holding proper authorization, method call is denied.
> It is happening for stateless as well as stateful beans.
> See server exception:
> 09:31:58,254 INFO [org.jboss.as.test.integration.ejb.security.SingleMethodsAnnSFSBTestCase] (main) JNDI name=ejb:/singleMethodsAnnOnlySFSB//SingleMethodsAnnOnlyCheckSFSB!org.jboss.as.test.integration.ejb.security.authorization.SimpleAuthorizationRemote?stateful
> 09:31:58,299 ERROR [org.jboss.ejb3.invocation] (pool-8-thread-5) JBAS014134: EJB Invocation failed on component SingleMethodsAnnOnlyCheckSFSB for method public abstract java.lang.String org.jboss.as.test.integration.ejb.security.authorization.SimpleAuthorizationRemote.roleBasedAccessOne(java.lang.String): javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public abstract java.lang.String org.jboss.as.test.integration.ejb.security.authorization.SimpleAuthorizationRemote.roleBasedAccessOne(java.lang.String) of bean: SingleMethodsAnnOnlyCheckSFSB is not allowed
> at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:99) [jboss-as-ejb3-7.1.0.CR1-SNAPSHOT.jar:]
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:]
> at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:70) [jboss-as-ejb3-7.1.0.CR1-SNAPSHOT.jar:]
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:]
> at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.0.CR1-SNAPSHOT.jar:]
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:]
> at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:57) [jboss-as-ejb3-7.1.0.CR1-SNAPSHOT.jar:]
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:]
> at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:]
> at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.0.CR1-SNAPSHOT.jar:]
> at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:259) [jboss-as-ejb3-7.1.0.CR1-SNAPSHOT.jar:]
> at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessageHandler.java:56) [jboss-as-ejb3-7.1.0.CR1-SNAPSHOT.jar:]
> at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:177) [jboss-as-ejb3-7.1.0.CR1-SNAPSHOT.jar:]
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) [:1.6.0_27]
> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [:1.6.0_27]
> at java.util.concurrent.FutureTask.run(FutureTask.java:138) [:1.6.0_27]
> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_27]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_27]
> at java.lang.Thread.run(Thread.java:662) [:1.6.0_27]
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list