[jboss-user] [EJB3] - Re: Can't get SessionContext.isCallerInRole(...) to work from remote call.
Krister Wicksell
do-not-reply at jboss.com
Wed May 4 08:04:16 EDT 2011
Krister Wicksell [http://community.jboss.org/people/kriwic] created the discussion
"Re: Can't get SessionContext.isCallerInRole(...) to work from remote call."
To view the discussion, visit: http://community.jboss.org/message/603396#603396
--------------------------------------------------------------
Since I did not get any reply on this post, I thought I would explain a little better. I would like to get some feedback before I report this as a bug because I don't know if I have missed something.
When I access a stateless bean from outside of JBoss via its remote interface from a Java client, SessionContext.isCallerInRole(...) always returns false. However, when I access the same bean from a JSP running in the same JBoss, SessionContext.isCallerInRole(...) works correctly. This behavior is in JBoss 5 & 6. In JBoss 4 it works OK for both cases.
In my small test case I have a stateless bean interface named Test. It has only one method, checkRole(). This method should return true if the caller has the role administrator.

    import javax.ejb.Remote;

    @Remote
    public interface Test {
        // Returns true if the caller has the "administrator" role.
        public boolean checkRole();
    }

The implementation of the role is as follows below. It uses the security domain zert and the only method returns the result of SessionContext.isCallerInRole("administrator").
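
    import javax.annotation.Resource;
    import javax.annotation.security.DeclareRoles;
    import javax.ejb.Remote;
    import javax.ejb.SessionContext;
    import javax.ejb.Stateless;
    import org.jboss.ejb3.annotation.SecurityDomain; // JBoss 5/6 package

    @Stateless
    @Remote({Test.class})
    @SecurityDomain("zert")
    @DeclareRoles({"administrator", "producer", "consumer"})
    public class TestBean implements Test {
        @Resource
        private SessionContext context;

        @Override
        public boolean checkRole() {
            return context.isCallerInRole("administrator");
        }
    }
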
The security domain zert has only one user called admin. The admin user is in the roles administrator, producer and consumer. This can be seen in the listing below.

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE server PUBLIC "-//JBoss//DTD MBean Service 4.0//EN" "http://www.jboss.org/j2ee/dtd/jboss-service_4_0.dtd">
    <server>
        <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="jboss:service=DynamicLoginConfig">
            <attribute name="PolicyConfig" serialDataType="jbxb">
                <jaas:policy
                    xsi:schemaLocation="urn:jboss:security-config:4.1 resource:security-config_4_1.xsd"
                    xmlns:jaas="urn:jboss:security-config:4.1"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                    <jaas:application-policy name="zert">
                        <jaas:authentication>
                            <jaas:login-module code="org.jboss.security.auth.spi.XMLLoginModule" flag="required">
                                <jaas:module-option name="userInfo">
                                    <ur:users
                                        xsi:schemaLocation="urn:jboss:user-roles:1.0 resource:user-roles_1_0.xsd"
                                        xmlns:ur="urn:jboss:user-roles:1.0">
                                        <ur:user name="admin" password="test">
                                            <ur:role name="administrator"></ur:role>
                                            <ur:role name="producer"></ur:role>
                                            <ur:role name="consumer"></ur:role>
                                        </ur:user>
                                    </ur:users>
                                </jaas:module-option>
                                <jaas:module-option name="unauthenticatedIdentity">guest</jaas:module-option>
                            </jaas:login-module>
                        </jaas:authentication>
                    </jaas:application-policy>
                </jaas:policy>
            </attribute>
            <depends optional-attribute-name="LoginConfigService">jboss.security:service=XMLLoginConfig</depends>
            <depends optional-attribute-name="SecurityManagerService">jboss.security:service=JaasSecurityManager</depends>
        </mbean>
    </server>

When the Test bean is accessed via the remote interface using the following test client, then SessionContext.isCallerInRole(...) always returns false. For me this looks like a bug!

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.security.auth.login.LoginContext;

    public class TestClient {
        public static void main(String[] argv) {
            try {
                // JAAS login on the client using the "zert" entry in auth.conf
                System.setProperty("java.security.auth.login.config", "auth.conf");
                ConnectionHandler connectionHandler = new ConnectionHandler("admin", "test");
                LoginContext loginContext = new LoginContext("zert", connectionHandler);
                loginContext.login();
                System.out.println(runTest());
                loginContext.logout();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        // Looks up the bean over JNDI and calls checkRole() on it.
        public static String runTest() throws Exception {
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.NamingContextFactory");
            env.put(Context.PROVIDER_URL, "localhost");
            InitialContext context = new InitialContext(env);
            Test test = (Test) context.lookup("zert/TestBean/remote");
            return "Is administrator: " + test.checkRole();
        }
        ...
    }

However, when I access the same bean from the following JSP, the method works correctly and returns true.

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
    <%@page contentType="text/html; charset=UTF-8" %>
    <%@page import="se.zert.test.*"%>
    <html xmlns="http://www.w3.org/1999/xhtml">
        <head>
            <title>Test</title>
        </head>
        <body>
            <%=TestClient.runTest()%>
        </body>
    </html>

Does anyone have a good answer to why the bean reacts differently when accessed from outside of JBoss than inside of JBoss?
Thanks in advance!
/Krister
--------------------------------------------------------------
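Added example, not part of the original post or of JBoss: a diagnostic bean for the "zert" domain above that reports which principal the container sees and the result of isCallerInRole(...) for each declared role. The names WhoAmI, WhoAmIBean and describeCaller() are hypothetical; the SecurityDomain import assumes the JBoss 5/6 package. Given the unauthenticatedIdentity option in the login module configuration above, a result of principal=guest would indicate that the remote call reached the bean without the client's credentials, while principal=admin with every role false would point at role resolution instead.

```java
// ---- File: WhoAmI.java (hypothetical diagnostic interface) ----
import javax.ejb.Remote;

@Remote
public interface WhoAmI {
    String describeCaller();
}

// ---- File: WhoAmIBean.java (hypothetical diagnostic bean) ----
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import org.jboss.ejb3.annotation.SecurityDomain; // assumed: JBoss 5/6 package

@Stateless
@SecurityDomain("zert")
@DeclareRoles({"administrator", "producer", "consumer"})
public class WhoAmIBean implements WhoAmI {
    // Same role names as declared on TestBean in the post.
    private static final String[] ROLES = {"administrator", "producer", "consumer"};

    @Resource
    private SessionContext context;

    @Override
    public String describeCaller() {
        StringBuilder sb = new StringBuilder("principal=");
        try {
            // Identity the container associated with this invocation.
            sb.append(context.getCallerPrincipal().getName());
        } catch (IllegalStateException e) {
            // No caller identity is available for this invocation.
            sb.append("<none>");
        }
        // Ask the container about every declared role, not only one,
        // so a partial role mapping is visible as well.
        for (String role : ROLES) {
            sb.append(' ').append(role).append('=')
              .append(context.isCallerInRole(role));
        }
        return sb.toString();
    }
}
```

Calling describeCaller() once from the stand-alone client and once from the JSP gives two strings that can be compared directly.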