[jboss-user] [Security] - Re: Caller unauthorized on using a ejb3 statetlesssessionbea

praenti do-not-reply at jboss.com
Thu Oct 1 10:22:03 EDT 2009


My web.xml:

  | <?xml version="1.0" encoding="UTF-8"?>
  | <!-- Deployment descriptor of the CANCardViewer web application (Servlet 2.4 schema). -->
  | <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
  | 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  | 	xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  | 
  | 	<display-name>CANCardViewer</display-name>
  | 	<!-- The two JAAS domain names below are read per request by JAASLoginInterceptor
  | 	     via getInitParameter("jaasLoginDomain") / getInitParameter("jaasClientLoginDomain"). -->
  | 	<context-param>
  | 		<!-- the JAAS Login Domain -->
  | 		<param-name>jaasLoginDomain</param-name>
  | 		<param-value>cancardDomain</param-value>
  | 	</context-param>
  | 	<context-param>
  | 		<!-- the JAAS Client Login Domain -->
  | 		<param-name>jaasClientLoginDomain</param-name>
  | 		<param-value>client-login</param-value>
  | 	</context-param>
  | 	<context-param>
  | 		<param-name>jmesaPreferencesLocation</param-name>
  | 		<param-value>
  | 			/resources/jmesa.properties
  | 		</param-value>
  | 	</context-param>
  | 	<context-param>
  |   		<param-name>jmesaMessagesLocation</param-name>
  |   		<param-value>applicationResources</param-value>
  | 	</context-param>
  | 
  | 	<!-- NOTE(review): FilterDispatcher is deprecated as of Struts 2.1.3 in favour of
  | 	     StrutsPrepareAndExecuteFilter. The Struts version in use is not shown here;
  | 	     confirm it before switching. -->
  | 	<filter>
  | 		<filter-name>struts2</filter-name>
  | 		<filter-class>
  | 			org.apache.struts2.dispatcher.FilterDispatcher
  | 		</filter-class>
  | 	</filter>
  | 	
  | <!--
  | 	This is not necessary if a ServiceLocator fetches the data from EJB layer
  | 	<filter>
  | 		<filter-name>SpringOpenEntityManagerInViewFilter</filter-name>
  | 		<filter-class>
  | 			org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter
  | 		</filter-class>
  | 	</filter>
  |  
  | 	<filter-mapping>
  | 		<filter-name>SpringOpenEntityManagerInViewFilter</filter-name>
  | 		<url-pattern>/*</url-pattern>
  | 	</filter-mapping>
  | -->
  | 
  | 	<filter-mapping>
  | 		<filter-name>struts2</filter-name>
  | 		<url-pattern>/*</url-pattern>
  | 	</filter-mapping>
  | 
  | 	<!-- NOTE(review): this descriptor declares no security-constraint, login-config or
  | 	     security-role, so the container enforces no authentication itself. The login check
  | 	     lives in the Struts2 interceptor, which only runs for requests dispatched as Struts
  | 	     actions. Requests matching *.wrk go to WorksheetServlet and presumably bypass that
  | 	     interceptor (unless wrk is configured as a Struts action extension); confirm the
  | 	     servlet checks the session itself or protect the pattern with a container constraint. -->
  | 	<servlet>
  | 		<servlet-name>worksheet</servlet-name>
  | 		<servlet-class>org.jmesa.worksheet.servlet.WorksheetServlet</servlet-class>
  | 	</servlet>
  | 	
  | 	<servlet-mapping>
  | 		<servlet-name>worksheet</servlet-name>
  | 		<url-pattern>*.wrk</url-pattern>
  | 	</servlet-mapping>
  | 	
  | 	
  | 	<!-- Boots the Spring application context when the web application starts. -->
  | 	<listener>
  | 		<listener-class>
  | 			org.springframework.web.context.ContextLoaderListener
  | 		</listener-class>
  | 	</listener>
  | 
  | 	<!-- NOTE(review): no session-config is declared, so the container default session
  | 	     timeout applies. The interceptor keeps the user's credentials in the session, so
  | 	     an explicit, short session-timeout is worth considering. -->
  | 	<welcome-file-list>
  | 		<welcome-file>index.jsp</welcome-file>
  | 	</welcome-file-list>
  | 	
  | </web-app>
  | 

And the Struts2 interceptor I use on pages where you have to be logged in:
JAASLoginInterceptor:

  | /**
  |  * 
  |  */
  | package vwg.audi.cancard.ui.interceptor;
  | 
  | import javax.servlet.http.HttpServletRequest;
  | import javax.servlet.http.HttpSession;
  | 
  | import org.apache.log4j.Logger;
  | import org.apache.struts2.ServletActionContext;
  | 
  | import vwg.yyy.cancard.business.LoginFacade;
  | import vwg.yyy.cancard.ui.JAASConstants;
  | 
  | import com.opensymphony.xwork2.Action;
  | import com.opensymphony.xwork2.ActionInvocation;
  | import com.opensymphony.xwork2.interceptor.Interceptor;
  | 
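  | /**
  |  * Struts2 interceptor that guards actions which require a logged-in user.
  |  * <p>
  |  * When the HTTP session is not marked {@code JAASConstants.USER_IS_VALID} the
  |  * request is answered with the {@code Action.LOGIN} result. Otherwise the
  |  * credentials kept in the session are passed to {@code LoginFacade.clientLogin}
  |  * before the action runs, and the facade is logged out again once the
  |  * invocation has finished.
  |  * <p>
  |  * Struts2 does not create a new interceptor instance per request, so this class
  |  * keeps all per-request state in local variables instead of fields.
  |  * <p>
  |  * NOTE(review): the password is read back from the HTTP session in clear text.
  |  * Anything that can read session state (session persistence or replication,
  |  * heap dumps) can read it too. Consider keeping only the authenticated
  |  * principal and re-associating that, if LoginFacade allows it.
  |  * 
  |  * @author Michael Obster
  |  */
  | public class JAASLoginInterceptor implements Interceptor {
  | 
  | 	private static final long serialVersionUID = -1983088770872827621L;
  | 
  | 	private final Logger log = Logger.getLogger(this.getClass());
  | 
  | 	/**
  | 	 * Nothing to initialise: the JAAS domain names are looked up per request in
  | 	 * {@link #intercept(ActionInvocation)}.
  | 	 */
  | 	@Override
  | 	public void init() {
  | 		
  | 	}
  | 
  | 	/**
  | 	 * Lets the action run only for a session that is marked as logged in.
  | 	 * 
  | 	 * @param actionInvocation the invocation to continue when the user is logged in
  | 	 * @return {@code Action.LOGIN} when there is no valid login in the session,
  | 	 *         otherwise the result code of the invoked action
  | 	 * @throws Exception whatever the client login or the action invocation throws
  | 	 */
  | 	@Override
  | 	public String intercept(ActionInvocation actionInvocation) throws Exception {
  | 		// Locals, not fields: concurrent requests share this interceptor instance.
  | 		String loginDomain = ServletActionContext.getServletContext().getInitParameter("jaasLoginDomain");
  | 		String clientLoginDomain = ServletActionContext.getServletContext().getInitParameter("jaasClientLoginDomain");
  | 		if (log.isDebugEnabled()) {
  | 			log.debug("init JAASInterceptor: loginDomain:" + loginDomain + " clientLoginDomain:" + clientLoginDomain);
  | 		}
  | 		
  | 		HttpServletRequest request = ServletActionContext.getRequest();
  | 		if (log.isDebugEnabled()) {
  | 			log.debug("Login INTERCEPT");
  | 		}
  | 		
  | 		// getSession(false): do not create a session just to learn that nobody is logged in.
  | 		HttpSession session = request.getSession(false);
  | 		if (session == null
  | 				|| !JAASConstants.USER_IS_VALID.equals(
  | 						session.getAttribute(JAASConstants.USER_VALIDITY))) {
  | 			log.info("requested path: " + requestedPath(request));
  | 			return Action.LOGIN;
  | 		}
  | 		
  | 		String username = (String) session.getAttribute(JAASConstants.USERNAME);
  | 		String strPassword = (String) session.getAttribute(JAASConstants.PASSWORD);
  | 		if (username == null || strPassword == null) {
  | 			// Fail closed: a session flagged valid but lacking credentials is not logged in.
  | 			log.info("requested path: " + requestedPath(request));
  | 			return Action.LOGIN;
  | 		}
  | 		
  | 		// Classic login by username and password
  | 		LoginFacade loginFacade = new LoginFacade(loginDomain, clientLoginDomain);
  | 		loginFacade.clientLogin(username, strPassword);
  | 		try {
  | 			if (log.isDebugEnabled()) {
  | 				log.debug("*****CLIENTLOGIN COMPLETE****");
  | 			}
  | 			return actionInvocation.invoke();
  | 		} finally {
  | 			// NOTE(review): presumably clientLogin binds the caller identity to the current
  | 			// (pooled) worker thread; logging out here keeps it from carrying over to the
  | 			// next request served by that thread. Confirm against LoginFacade.
  | 			loginFacade.logout();
  | 		}
  | 	}
  | 
  | 	/**
  | 	 * Nothing to release: every login made in {@link #intercept(ActionInvocation)}
  | 	 * is logged out before that call returns.
  | 	 */
  | 	@Override
  | 	public void destroy() {
  | 		
  | 	}
  | 
  | 	/**
  | 	 * Builds the requested path (servlet path plus path info) for logging, with
  | 	 * CR and LF replaced so a crafted URL cannot forge additional log lines.
  | 	 */
  | 	private static String requestedPath(HttpServletRequest request) {
  | 		String servletPath = request.getServletPath();
  | 		String pathInfo = request.getPathInfo();
  | 		String path = (servletPath == null ? "" : servletPath)
  | 					+ (pathInfo == null ? "" : pathInfo);
  | 		return path.replace('\r', '_').replace('\n', '_');
  | 	}
  | 
  | }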
  | 

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4258172#4258172
