[jboss-user] [Security & JAAS/JBoss] - Bug in SecurityAssociation(?) - EJB3 MDB Calls a SLSB which

sappenin do-not-reply at jboss.com
Tue Oct 10 16:44:05 EDT 2006


I am running JBAS 4.0.4GA_Patch1.  I have an annotated EJB3 MDB, with the following annotations:

    import javax.annotation.security.RolesAllowed;
    import javax.annotation.security.RunAs;
    import org.jboss.annotation.security.SecurityDomain;

    @SecurityDomain("myRealm")
    @RunAs("system")
    @RolesAllowed({ "admin", "system" })


Inside of my MDB, I am calling a function on a SLSB (called "UserBean").  Inside of my SLSB UserBean, I execute the following call (notice the injected SessionContext):


    import java.security.Principal;
    import javax.annotation.Resource;
    import javax.ejb.SessionContext;

    @Resource SessionContext context;

    public void someFunc()
    {
        // Throws IllegalStateException when invoked from the MDB
        Principal p = this.context.getCallerPrincipal();
    }


Now, this SLSB call works just fine if I access the SLSB from, say, a web-services call (I get the proper principal returned). However, when I call it from an MDB, I get the following exception: "java.lang.IllegalStateException: No valid security context for the caller identity".

After doing a bit of digging, I noticed that inside of the SecurityAssociation class, the peekRunAsIdentity() function is being called with a depth of 1.  Inside of peekRunAsIdentity, the peek() function is trying to determine a valid "runas" role.  If I debug this, I can see the correct "system" role in the stack (ArrayList) object, complete with an "anonymous" principal name.  However, the depth always gets set to -1 inside of the peek function, and so the "RunAs" role is ignored.  The peek() function (incorrectly) assumes that the principal is null, and throws an IllegalStateException.

Something seems amiss here... like I said, my code works fine, so long as it's not invoked from an MDB. Can anybody comment on this?

Thanks!

David
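For readers who want to reproduce the scenario described above, here is a minimal MDB-to-SLSB pair as an added example; it is not the poster's code, and the bean class names, the local interface and the queue name "queue/userEvents" are assumptions. The roles restriction is placed on the session bean, which is the side that raises the exception in the post.

```java
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.ejb.ActivationConfigProperty;
import javax.ejb.EJB;
import javax.ejb.MessageDriven;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.jms.Message;
import javax.jms.MessageListener;
import org.jboss.annotation.security.SecurityDomain;

// Local business interface of the session bean (assumed name).
interface UserLocal {
    String describeCaller();
}

// SLSB: only principals in "admin" or "system" may call it; the bean reads
// the caller identity from the injected SessionContext, as in the post.
@Stateless
@SecurityDomain("myRealm")
@RolesAllowed({"admin", "system"})
class UserBean implements UserLocal {
    @Resource SessionContext context;

    public String describeCaller() {
        // Under a run-as caller this is the run-as identity (the post sees
        // an "anonymous" principal on the stack), not an end-user principal.
        Principal p = context.getCallerPrincipal();
        boolean system = context.isCallerInRole("system");
        return p.getName() + (system ? " [system]" : "");
    }
}

// MDB: every onMessage() runs under the propagated "system" role, so the
// SLSB call below should pass @RolesAllowed and see a caller principal.
@MessageDriven(activationConfig = {
    @ActivationConfigProperty(propertyName = "destinationType", propertyValue = "javax.jms.Queue"),
    @ActivationConfigProperty(propertyName = "destination", propertyValue = "queue/userEvents") // assumed
})
@SecurityDomain("myRealm")
@RunAs("system")
class UserEventMDB implements MessageListener {
    @EJB UserLocal users;

    public void onMessage(Message msg) {
        // On 4.0.4GA_Patch1 the post reports this call failing with
        // IllegalStateException: No valid security context for the caller identity
        System.out.println("MDB saw caller: " + users.describeCaller());
    }
}
```

Deploy both beans in one EJB3 jar against the "myRealm" login module and send any message to the queue; a fix is confirmed when the log line shows a principal name tagged "[system]" instead of the exception.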
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3977365#3977365