calling secured EJB does not set sessioncontext
konijn Apr 23, 2002 4:30 PM
I have written a simple session bean which echoes a
string. I access this bean via the web (jsp).
I can secure this bean using when i access it from a
servlet.
When I access it from a JSP the session context is not
set. I tried this with the JBOSS catalina bundle:
JBoss-2.4.4_Tomcat-4.0.1
Am I doing something wrong or is this a bug?
Regards,
Erik
JSP file
--------
echo
<jsp:useBean id="bean1" scope="session"
class="echo.EchoBean" />
<jsp:setProperty name="bean1" property="echo" value
= "Hello Erik" />
<h1>
JBuilder Generated JSP
</h1>
<%= bean1.getEcho() %>
Bean
----
package echo;
import java.rmi.*;
import javax.ejb.*;
/**
* Title:
* Description:
* Copyright: Copyright (c) 2002
* Company:
* @author unascribed
* @version 1.0
*/
public class EchoBean implements SessionBean {
private SessionContext sessionContext;
String echo;
public void ejbCreate() {
}
public void ejbRemove() {
}
public void ejbActivate() {
}
public void ejbPassivate() {
}
public void setSessionContext(SessionContext
sessionContext) {
System.out.println("Setting Session context");
this.sessionContext = sessionContext;
}
public void setEcho(String echo) {
this.echo = echo;
System.out.println("setEcho(String echo);");
}
public String getEcho() {
System.out.println("getEcho();");
return echo + " " +
sessionContext.getCallerPrincipal().getName();
}
}
web.xml
-------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems,
Inc.//DTD Web Application
2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<servlet-name>echoit</servlet-name>
<jsp-file>/echo.jsp</jsp-file>
<servlet-mapping>
<servlet-name>echoit</servlet-name>
<url-pattern>/restricted/echoit</url-pattern>
</servlet-mapping>
<security-constraint>
<display-name>Customer</display-name>
<web-resource-collection>
<web-resource-name>Collection1</web-resource-
name>
<url-pattern>/restricted/*</url-pattern>
<url-pattern>/echo.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Customer</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/logon.jsp</form-login-page>
<form-error-page>/logon_failed.jsp</form-error-
page>
</form-login-config>
</login-config>
<security-role>
<role-name>Customer</role-name>
</security-role>
<ejb-ref>
<ejb-ref-name>EJB/Echo</ejb-ref-name>
<ejb-ref-type>Session</ejb-ref-type>
echo.EchoHome
echo.Echo
</ejb-ref>
</web-app>
ejb-jar.xml
-----------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems,
Inc.//DTD Enterprise JavaBeans
1.1//EN" "http://java.sun.com/j2ee/dtds/ejb-
jar_1_1.dtd">
<ejb-jar>
<enterprise-beans>
<ejb-name>Echo</ejb-name>
echo.EchoHome
echo.Echo
<ejb-class>echo.EchoBean</ejb-class>
<session-type>Stateful</session-type>
<transaction-type>Container</transaction-
type>
</enterprise-beans>
<assembly-descriptor>
<security-role>
<role-name>Customer</role-name>
</security-role>
<method-permission>
<role-name>Customer</role-name>
<ejb-name>Echo</ejb-name>
<method-name>*</method-name>
</method-permission>
</assembly-descriptor>
</ejb-jar>
jboss.xml
---------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss PUBLIC '-//JBoss//DTD JBOSS
2.4//EN' 'http://www.jboss.org/j2ee/dtd/jboss_2_4.dtd'>
<security-domain>java:/jaas/default</security-
domain>
<enterprise-beans>
<ejb-name>Echo</ejb-name>
<jndi-name>Echo</jndi-name>
</enterprise-beans>
jboss-web.xml
-------------
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/default</security-
domain>
<ejb-ref>
<ejb-ref-name>EJB/Echo</ejb-ref-name>
<jndi-name>Echo</jndi-name>
</ejb-ref>
</jboss-web>