[jboss-user] [Security & JAAS/JBoss] - Bug in SecurityAssociation(?) - EJB3 MDB Calls a SLSB which

sappenin do-not-reply at jboss.com
Tue Oct 10 16:44:05 EDT 2006

I am running JBAS 4.0.4GA_Patch1.  I have an annotated EJB3 MDB, with the following annotations:

  | @RunAs("system")
  | @RolesAllowed( {
  | 	"admin", "system"
  | })

Inside of my MDB, I am calling a function on a SLSB (called "UserBean").  Inside of my SLSB UserBean, I execute the following call (notice the injected SessionContext):

  | @Resource SessionContext context;
  | public someFunc(..)
  | {
  | Principal p = this.context.getCallerPrincipal();
  | }

Now, this SLSB call works just fine if I access the SLSB from, say, a web-services call (I get the proper principal returned).  However, when I call it from an MDB, I get  the following exception: "java.lang.IllegalStateException: No valid security context for the caller identity".

After doing a bit of digging, I noticed that inside of the SecurityAssociation class, the peekRunAsIdentity() function is being called with a depth of 1.  Inside of peekRunAsIdentity, the peek() function is trying to determine a valid "runas" role.  If I debug this, I can see the correct "system" role in the stack (ArrayList) object, complete with an "anonymous" principal name.  However, the depth always gets set to -1 inside of the peek function, and so the "RunAs" role is ignored.  The peek() function (incorrectly) assumes that the principal is null, and throws an IllegalStateException.

Something seems amiss here...like I said, my code works fine, so long as its not invoked from an MDB.  Can anybody comment on this?



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3977365#3977365

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3977365

More information about the jboss-user mailing list