1 Reply Latest reply on Feb 28, 2002 9:39 AM by jbaker_softcomms

    Security Stopped Working in 2.4.4

    jbaker_softcomms

I have made no changes to an application which worked last week (apart from tweaking Oracle a bit - not JBoss or the client). However, now the server doesn't seem to be receiving the security context properly. Although the client login context .login() appears to work fine, getCallerPrincipal() throws an exception upon the first EJB access. I have no idea what might have gone wrong since last week. I've added the auth.conf for both client and JBoss and the stack trace. Any clues would be much appreciated.

      // From jboss auth.conf
      katalyzt {
      /* A JDBC based LoginModule
      LoginModule options:
      dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables
      principalsQuery: The prepared statement query equivalent to:
      "select Password from Principals where PrincipalID=?"
      rolesQuery: The prepared statement query equivalent to:
      "select Role, RoleGroup from Roles where PrincipalID=?"
      */
      org.jboss.security.auth.spi.DatabaseServerLoginModule required
      dsJndiName="java:/KatalyztDB"
      principalsQuery="select USER_PWD from TUSER where USER_NAME = ?"
      rolesQuery="select 'ToolboxUser', 'Roles' from TUSER where USER_NAME = ?"
      ;
      };

      // From client auth.conf
      katalyzt {
      // Put your login modules that work without jBoss here

      // jBoss LoginModule
      org.jboss.security.ClientLoginModule required;

      // Put your login modules that need jBoss here
      };

      // stack trace from first ejb call to getCallerPrincipal
      [ERROR,Default] java.lang.IllegalStateException: No security context set
      [ERROR,Default] at org.jboss.ejb.EnterpriseContext$EJBContextImpl.getCallerPrincipal(EnterpriseContext.java:258)
      [ERROR,Default] at com.katalyzt.toolbox.model.ejb.TModelSessionBean.getCallerId(TModelSessionBean.java:72)
      [ERROR,Default] at com.katalyzt.toolbox.model.ejb.TModelSessionBean.getUser(TModelSessionBean.java:58)
      [ERROR,Default] at com.katalyzt.toolbox.model.ejb.TModelSessionBean.ejbCreate(TModelSessionBean.java:35)
      [ERROR,Default] at java.lang.reflect.Method.invoke(Native Method)
      [ERROR,Default] at org.jboss.ejb.StatelessSessionEnterpriseContext.<init>(StatelessSessionEnterpriseContext.java:54)
      [ERROR,Default] at org.jboss.ejb.plugins.StatelessSessionInstancePool.create(StatelessSessionInstancePool.java:62)
      [ERROR,Default] at org.jboss.ejb.plugins.AbstractInstancePool.add(AbstractInstancePool.java:153)
      [ERROR,Default] at org.jboss.ejb.plugins.AbstractInstancePool.internalGet(AbstractInstancePool.java:216)
      [ERROR,Default] at org.jboss.ejb.plugins.AbstractInstancePool.get(AbstractInstancePool.java:191)
      [ERROR,Default] at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:74)
      [ERROR,Default] at org.jboss.ejb.plugins.TxInterceptorCMT.invokeNext(TxInterceptorCMT.java:138)
      [ERROR,Default] at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:347)
      [ERROR,Default] at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:100)
      [ERROR,Default] at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:127)
      [ERROR,Default] at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:170)
      [ERROR,Default] at org.jboss.ejb.StatelessSessionContainer.invoke(StatelessSessionContainer.java:286)
      [ERROR,Default] at org.jboss.ejb.plugins.jrmp.server.JRMPContainerInvoker.invoke(JRMPContainerInvoker.java:410)
      [ERROR,Default] at java.lang.reflect.Method.invoke(Native Method)
      [ERROR,Default] at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:241)
      [ERROR,Default] at sun.rmi.transport.Transport$1.run(Transport.java:152)
      [ERROR,Default] at java.security.AccessController.doPrivileged(Native Method)
      [ERROR,Default] at sun.rmi.transport.Transport.serviceCall(Transport.java:148)
      [ERROR,Default] at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:465)
      [ERROR,Default] at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:706)
      [ERROR,Default] at java.lang.Thread.run(Thread.java:484)

        • 1. Potential Security Bug in 2.4.4 and Workaround
          jbaker_softcomms

          Well... I'm very relieved that after a bit more investigation I have found a workaround by altering some of my code to not use getCallerPrincipal() in ejbCreate(). It seems that intermittently the security context is not yet available at this point in the life cycle. I suspect that some synchronization issue is afoot. I believe the specs allow this in ejbCreate(). Correct me if I'm wrong on that.

          An interesting thing is that this must have actually been going on for the last six months, but I had covered it up with a workaround for a bug in a different app server! The getCallerPrincipal() was until recently wrapped in a try/catch that gave the user id as "Guest" if the call failed. This was allowing a temporary identity which got switched on the next call! This code was removed a few weeks ago, but as the problem is intermittent I only noticed it this week!

          I suppose I should report it as a bug, but it is extremely unpredictable and I don't really know how to reproduce it, as simply restarting JBoss sometimes makes it go away...
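An added example (mine, not code from this thread or from JBoss) showing the pattern the trace points at and the corrected pattern. What the trace itself shows: ejbCreate() is reached from StatelessSessionInstancePool.create, i.e. the container is filling its instance pool, not dispatching a client call, so no caller identity is attached to the new instance yet. That is also why it only fires intermittently: only when the pool has to create a fresh instance (right after a restart, or under load), which matches "restarting jboss sometimes makes it go away". The fix is to resolve the caller inside the business method and to fail closed when there is none, rather than the "Guest" fallback described above, which silently handed an unauthenticated request a working identity. One further caveat on the client side: ClientLoginModule does not check the password at all; it only associates the supplied principal and credential with the calling thread so they travel with each invocation, and DatabaseServerLoginModule does the real check on the server against the principalsQuery. A successful client-side login() therefore says nothing about whether the credentials are valid. Class, method and field names below are hypothetical; the role name "ToolboxUser" is the one returned by the rolesQuery in the posted auth.conf.

```java
// Added example, not the poster's code or JBoss's: an EJB 2.x stateless
// session bean contrasting the pattern that fails in the thread with a
// version that resolves the caller lazily and fails closed.
// Names (ToolboxModelBean, requireCallerId, ...) are hypothetical.
import java.security.Principal;
import javax.ejb.CreateException;
import javax.ejb.EJBException;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;

public class ToolboxModelBean implements SessionBean {

    private SessionContext ctx;

    // Container callback; always permitted and the only place to keep the context.
    public void setSessionContext(SessionContext ctx) {
        this.ctx = ctx;
    }

    // ---- Pattern from the original post (do not do this) -----------------
    // For a stateless bean the container calls ejbCreate() when it fills its
    // instance pool (StatelessSessionInstancePool.create in the trace), not
    // when a client calls the bean, so there is no caller to report and
    // JBoss 2.4.4 throws IllegalStateException("No security context set").
    //
    //   public void ejbCreate() throws CreateException {
    //       this.callerId = ctx.getCallerPrincipal().getName(); // intermittent failure
    //   }
    //
    // Equally bad is the older workaround mentioned in the reply: catching the
    // exception and substituting "Guest", which grants a fallback identity
    // (fail-open) to a request that never authenticated.

    public void ejbCreate() throws CreateException {
        // Nothing identity-related here: one pooled instance serves many callers.
    }

    // ---- Corrected pattern -----------------------------------------------
    // Resolve the caller inside each business method, where the container has
    // attached the invocation's security context, and reject the request if no
    // authenticated principal is present instead of inventing one.
    public String getUser() {
        String callerId = requireCallerId();
        // Programmatic role check; "ToolboxUser" is the role the rolesQuery in
        // auth.conf returns, and needs a matching security-role-ref in ejb-jar.xml.
        if (!ctx.isCallerInRole("ToolboxUser")) {
            throw new EJBException("caller " + callerId + " lacks role ToolboxUser");
        }
        // ... look up the TUSER row for callerId here ...
        return callerId;
    }

    private String requireCallerId() {
        Principal p;
        try {
            p = ctx.getCallerPrincipal();
        } catch (IllegalStateException e) {
            // Only reachable from a lifecycle callback; treat it as a coding bug,
            // never as a reason to fall back to a default identity.
            throw new EJBException("caller identity requested outside a client call", e);
        }
        if (p == null || p.getName() == null || p.getName().length() == 0) {
            throw new EJBException("unauthenticated caller rejected"); // fail closed
        }
        return p.getName();
    }

    public void ejbRemove() {
    }

    public void ejbActivate() {
    }

    public void ejbPassivate() {
    }
}
```

The role check is deliberately in addition to, not instead of, declarative method-permission entries in ejb-jar.xml: the SecurityInterceptor visible in the trace enforces those before the instance pool is ever touched, and the programmatic check only adds a second, data-driven layer that the bean can report on.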