[jboss-user] [Security & JAAS/JBoss] - Re: Unable to get Subject from SecurityAssociation when call
kimbaltrue
do-not-reply at jboss.com
Mon Aug 25 15:01:14 EDT 2008
The first bean is a standard EJB3.0 webservice bean.
| @WebService(name = "Reference", serviceName = "Reference", targetNamespace = "http://legion.ccf.org")
| @SOAPBinding(style = SOAPBinding.Style.DOCUMENT)
| /*
|  * JBOSS specific security annotations
|  */
| @SecurityDomain("tactus-domain")
| @WebContext(authMethod = "BASIC", contextRoot = "/Legion/Ref", transportGuarantee = "NONE", secureWSDLAccess = false)
|
| @Stateless(name = "Reference")
| @Remote(Reference.class)
| @Local(Reference.class)
| @TransactionManagement(TransactionManagementType.BEAN)
| @Interceptors(TrackingMetrics.class)
| public class ReferenceWebBean implements ReferenceWeb
| {
|     protected AdapterRegistry registry = null;
|     protected ReferenceWeb adapter = null;
|
|     /* (non-Javadoc)
|      * @see org.ccf.legion.ReferenceWeb#getUserRoles()
|      */
|     @Override
|     public List<String> getUserRoles()
|     {
|         return adapter.getUserRoles();
|     }
| }
|
The adapter object is a simple POJO used to do work. It uses the following code to find the second bean using the JNDI string "Legion/ReferenceBean/local".
The ReferenceWebBean (EJB3.0 #1) is a web service bean and calls other beans to do its work. The ReferenceBean (EJB3.0 #2) is a stateless EJB bean which accesses the database.
| private Object findJNDIResource(String mappedName)
| {
|     Object result = null;
|
|     try
|     {
|         InitialContext context = new InitialContext();
|         result = context.lookup(mappedName);
|     }
|     catch (NamingException e)
|     {
|         log.debug(messages.getString("AdapterRegistry.24", mappedName));
|         // if not found just return null
|     }
|
|     return result;
| }
|
After getting the local interface to the ReferenceBean (EJB3.0 #2), the adapter calls a method on that bean which then does the following:
| public List<String> getRoles()
| {
|     List<String> rolelist = new java.util.ArrayList<String>();
|
|     Subject subject = org.jboss.security.SecurityAssociation.getSubject();
|     if(subject == null)
|     {
|         log.debug("Subject is null");
|         return rolelist;
|     }
|
|     Set<SimpleGroup> groups = subject.getPrincipals(SimpleGroup.class);
|     if(groups.isEmpty())
|         log.debug("No Simple Groups");
|     else
|     {
|         for(SimpleGroup group : groups)
|         {
|             if(group.getName().compareToIgnoreCase("Roles")==0)
|             {
|                 java.util.Enumeration<?> en = group.members();
|                 while(en.hasMoreElements())
|                 {
|                     Object obj = en.nextElement();
|                     if(obj instanceof Principal)
|                     {
|                         String name = ((Principal)obj).getName();
|                         rolelist.add(name);
|                         log.debug("Role name = "+name);
|                     }
|                     else
|                     {
|                         log.debug("Simple Group Content: " + obj.getClass().getName());
|                     }
|                 }
|             }
|         }
|     }
|
|     return rolelist;
| }
|
If I put the above code directly in the webservice bean (ReferenceWebBean or EJB3.0 #1) it works, and returns the roles list. If I put this code in the second EJB3.0 bean (ReferenceBean EJB3.0 #2) where the database connections are then it returns a null for the Subject.
These two beans are in the same EAR file, but different JAR files.
The second EJB3.0 bean (ReferenceBean EJB3.0 #2) looks like this:
| @Stateless(name = "ReferenceBean") //$NON-NLS-1$
| @Remote(Reference.class)
| @Local(Reference.class)
| @TransactionManagement(TransactionManagementType.BEAN)
| @Interceptors(TrackingMetrics.class)
| public class ReferenceBean extends LegionServiceSupport implements Reference
| {
|     private static final Log log = LogFactory.getLog(ReferenceBean.class);
|     private static final Messages messages = Messages
|             .getMessages(ReferenceBean.class);
|
|     @PersistenceContext(unitName = "LegionModel") //$NON-NLS-1$
|     private EntityManager manager = null;
|
I hope that helps explain what's going on. The code's a bit more involved than what I've shown, but these are the relevant parts.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4172405#4172405