[jboss-user] [Security & JAAS/JBoss] - Re: JACC on the fly method permission changes not reflecting

tpnaidu79 do-not-reply at jboss.com
Wed Aug 9 09:41:53 EDT 2006


I have a method in a session bean called JobServiceBean. The method is as follows:

@RolesAllowed("Recruiter")
public void outputJunk() {
	System.out.println("#######");
}

Now after authentication using JAAS, I am writing code to change the @RolesAllowed from "Recruiter" to "Hiring Manager" as follows:

EJBMethodPermission ejbmp = new EJBMethodPermission("JobServiceBean","");

PolicyConfigurationFactory pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();

PolicyConfiguration pc = pcf.getPolicyConfiguration("kr.jar", false);
pc.removeRole("Recruiter");
pc.addToRole("Hiring Manager", ejbmp);
pc.commit();

IMHO once commit is called, the @RolesAllowed is now changed from "Recruiter" to "Hiring Manager" so when a user with the role "Hiring Manager" tries to run outputJunk() method in JobServiceBean he should be able to do it. But I am getting an Exception as follows:

19:10:52,711 ERROR [RoleBasedAuthorizationInterceptor] Insufficient permissions, principal=admin, requiredRoles=[Recruiter], principalRoles=[Hiring Manager]
19:10:59,305 ERROR [STDERR] javax.ejb.EJBAccessException: Authorization failure
19:10:59,305 ERROR [STDERR] 	at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptor.invoke(RoleBasedAuthorizationInterceptor.java:104)
19:10:59,305 ERROR [STDERR] 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
19:10:59,305 ERROR [STDERR] 	at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:78)
19:10:59,305 ERROR [STDERR] 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
19:10:59,321 ERROR [STDERR] 	at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
19:10:59,321 ERROR [STDERR] 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
19:10:59,321 ERROR [STDERR] 	at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
19:10:59,321 ERROR [STDERR] 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
19:10:59,321 ERROR [STDERR] 	at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:181)
19:10:59,321 ERROR [STDERR] 	at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:79)
19:10:59,321 ERROR [STDERR] 	at $Proxy90.outputJunk(Unknown Source)
19:10:59,321 ERROR [STDERR] 	at com.kenexa.kr.web.LoginControllerBean.login(LoginControllerBean.java:118)
19:10:59,321 ERROR [STDERR] 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
19:10:59,321 ERROR [STDERR] 	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
19:10:59,321 ERROR [STDERR] 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
19:10:59,321 ERROR [STDERR] 	at java.lang.reflect.Method.invoke(Unknown Source)
19:10:59,336 ERROR [STDERR] 	at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:129)
19:10:59,336 ERROR [STDERR] 	at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:63)
19:10:59,336 ERROR [STDERR] 	at oracle.adf.view.faces.component.UIXCommand.broadcast(UIXCommand.java:211)
19:10:59,336 ERROR [STDERR] 	at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:90)
19:10:59,336 ERROR [STDERR] 	at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:164)
19:10:59,336 ERROR [STDERR] 	at org.apache.myfaces.lifecycle.LifecycleImpl.invokeApplication(LifecycleImpl.java:316)
19:10:59,336 ERROR [STDERR] 	at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:86)
19:10:59,336 ERROR [STDERR] 	at javax.faces.webapp.FacesServlet.service(FacesServlet.java:106)
19:10:59,336 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
19:10:59,336 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
19:10:59,336 ERROR [STDERR] 	at oracle.adfinternal.view.faces.webapp.AdfFacesFilterImpl._invokeDoFilter(AdfFacesFilterImpl.java:356)
19:10:59,352 ERROR [STDERR] 	at oracle.adfinternal.view.faces.webapp.AdfFacesFilterImpl._doFilterImpl(AdfFacesFilterImpl.java:325)
19:10:59,352 ERROR [STDERR] 	at oracle.adfinternal.view.faces.webapp.AdfFacesFilterImpl.doFilter(AdfFacesFilterImpl.java:190)
19:10:59,352 ERROR [STDERR] 	at oracle.adf.view.faces.webapp.AdfFacesFilter.doFilter(AdfFacesFilter.java:87)
19:10:59,352 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
19:10:59,352 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
19:10:59,352 ERROR [STDERR] 	at org.apache.myfaces.webapp.Filter.doFilter(Filter.java:202)
19:10:59,352 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
19:10:59,352 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
19:10:59,352 ERROR [STDERR] 	at org.apache.myfaces.component.html.util.ExtensionsFilter.doFilter(ExtensionsFilter.java:122)
19:10:59,352 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
19:10:59,368 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
19:10:59,368 ERROR [STDERR] 	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
19:10:59,368 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
19:10:59,368 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
19:10:59,368 ERROR [STDERR] 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
19:10:59,368 ERROR [STDERR] 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
19:10:59,368 ERROR [STDERR] 	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
19:10:59,368 ERROR [STDERR] 	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
19:10:59,368 ERROR [STDERR] 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
19:10:59,368 ERROR [STDERR] 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
19:10:59,368 ERROR [STDERR] 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
19:10:59,383 ERROR [STDERR] 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
19:10:59,383 ERROR [STDERR] 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
19:10:59,383 ERROR [STDERR] 	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
19:10:59,383 ERROR [STDERR] 	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
19:10:59,383 ERROR [STDERR] 	at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
19:10:59,383 ERROR [STDERR] 	at java.lang.Thread.run(Unknown Source)
19:10:59,399 ERROR [STDERR] Caused by: java.lang.SecurityException: Insufficient permissions, principal=admin, requiredRoles=[Recruiter], principalRoles=[Hiring Manager]
19:10:59,399 ERROR [STDERR] 	at org.jboss.aspects.security.RoleBasedAuthorizationInterceptor.invoke(RoleBasedAuthorizationInterceptor.java:150)
19:10:59,399 ERROR [STDERR] 	at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptor.invoke(RoleBasedAuthorizationInterceptor.java:100)
19:10:59,399 ERROR [STDERR] 	... 53 more

Am I doing anything wrong? Or am I missing something?

-P
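
A diagnostic sketch for the situation described above, added here as an example and not part of the original post or of JBoss's code: it repeats the post's policy change, calls Policy.refresh() (the point at which JACC providers assimilate committed contexts), and then asks the installed Policy directly whether the caller's principals are granted outputJunk(). The names JaccPolicyProbe, remapAndProbe and callerPrincipals are hypothetical; the code assumes it runs inside the container with the JACC API and provider available and with permission to set the policy context, and the type of the role principals is provider-specific.

```java
import java.security.CodeSource;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;

// Hypothetical helper (not from the post): re-maps the bean's permission, then probes the Policy.
public final class JaccPolicyProbe {

    // callerPrincipals: the authenticated caller's principals as the JACC provider
    // represents them (assumption: supplied by the caller of this method).
    public static boolean remapAndProbe(String contextId, String oldRole, String newRole,
                                        Principal[] callerPrincipals)
            throws ClassNotFoundException, PolicyContextException {
        // Same grant as in the post: empty actions means every method of JobServiceBean.
        EJBMethodPermission grant = new EJBMethodPermission("JobServiceBean", "");

        PolicyConfigurationFactory pcf =
                PolicyConfigurationFactory.getPolicyConfigurationFactory();
        // false: reopen the context and keep its existing statements
        PolicyConfiguration pc = pcf.getPolicyConfiguration(contextId, false);
        pc.removeRole(oldRole);
        pc.addToRole(newRole, grant);
        pc.commit();                       // context is back "in service"

        Policy policy = Policy.getPolicy();
        policy.refresh();                  // provider assimilates committed statements

        // Permission for a local-interface call of the no-argument outputJunk():
        // "methodName,methodInterface,methodParams" with empty params.
        EJBMethodPermission needed =
                new EJBMethodPermission("JobServiceBean", "outputJunk,Local,");

        String previous = PolicyContext.getContextID();
        PolicyContext.setContextID(contextId);   // evaluate against this module's policy
        try {
            ProtectionDomain pd = new ProtectionDomain(
                    new CodeSource(null, (Certificate[]) null), null, null, callerPrincipals);
            return policy.implies(pd, needed);
        } finally {
            PolicyContext.setContextID(previous);
        }
    }
}
```

A true result from remapAndProbe("kr.jar", "Recruiter", "Hiring Manager", principals) alongside the same requiredRoles=[Recruiter] error would indicate that the interceptor denying the call is not reading the JACC policy; a false result points at the policy update itself.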

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3964054#3964054
