
    SecurityException: Authentication exception, principal=null

    klesterh

      Hi,

      We are running JBoss-2.4.4/Tomcat-4.0.1 (Catalina) and are experiencing unexpected behavior. We have a security constraint for our JSP pages; see the attached web.xml.

      When we try to access a page, the form login page shows up. After authenticating, we go on to the selected page. However, this page uses a JavaBean to access a session bean that is using the security domain; see the attached KoensBean.java.

      The initGebruiker method is called from within the JSP page. The home interface is found, but as soon as the create method is called, the following exception is thrown:

      [14:12:16,443,Default] java.lang.SecurityException: Authentication exception, principal=null

      [14:12:16,443,Default] at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:245)

      [14:12:16,443,Default]

      [14:12:16,443,Default] at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:220)

      [14:12:16,453,Default]

      [14:12:16,453,Default] at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:122)

      [14:12:16,453,Default]

      [14:12:16,453,Default] at org.jboss.ejb.plugins.jrmp.server.JRMPContainerInvoker_Stub.invokeHome(Unknown Source)

      [14:12:16,453,Default]

      [14:12:16,453,Default] at org.jboss.ejb.plugins.jrmp.interfaces.HomeProxy.invokeHome(HomeProxy.java:258)

      [14:12:16,453,Default]

      [14:12:16,453,Default] at org.jboss.ejb.plugins.jrmp.interfaces.HomeProxy.invoke(HomeProxy.java:182)

      [14:12:16,463,Default]

      [14:12:16,463,Default] at $Proxy45.create(Unknown Source)

      [14:12:16,463,Default]

      [14:12:16,463,Default] at com.pinkroccade.forumdossier.view.KoensBean.initGebruiker(KoensBean.java:40)

      [14:12:16,463,Default]

      [14:12:16,463,Default] at org.apache.jsp.koen$jsp._jspService(koen$jsp.java:180)

      [14:12:16,463,Default]

      [14:12:16,463,Default] at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)

      [14:12:16,463,Default]

      [14:12:16,463,Default] at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

      [14:12:16,473,Default]

      [14:12:16,473,Default] at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:202)

      [14:12:16,473,Default]

      [14:12:16,473,Default] at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:382)

      [14:12:16,473,Default]

      [14:12:16,473,Default] at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:474)

      [14:12:16,473,Default]

      [14:12:16,473,Default] at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

      [14:12:16,483,Default]

      [14:12:16,483,Default] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)

      [14:12:16,483,Default]

      [14:12:16,483,Default] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)

      [14:12:16,483,Default]

      [14:12:16,483,Default] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243)

      [14:12:16,483,Default]

      [14:12:16,483,Default] at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)

      [14:12:16,483,Default]

      [14:12:16,483,Default] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)

      [14:12:16,493,Default]

      [14:12:16,493,Default] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)

      [14:12:16,493,Default]

      [14:12:16,493,Default] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:201)

      [14:12:16,493,Default]

      [14:12:16,493,Default] at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)

      [14:12:16,493,Default]

      [14:12:16,493,Default] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:518)

      [14:12:16,493,Default]

      [14:12:16,493,Default] at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)

      [14:12:16,503,Default]

      [14:12:16,503,Default] at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)

      [14:12:16,503,Default]

      [14:12:16,503,Default] at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)

      [14:12:16,503,Default]

      [14:12:16,503,Default] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)

      [14:12:16,503,Default]

      [14:12:16,503,Default] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)

      [14:12:16,503,Default]

      [14:12:16,513,Default] at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2344)

      [14:12:16,513,Default]

      [14:12:16,513,Default] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)

      [14:12:16,513,Default]

      [14:12:16,513,Default] at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)

      [14:12:16,513,Default]

      [14:12:16,513,Default] at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)

      [14:12:16,513,Default]

      [14:12:16,513,Default] at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)

      [14:12:16,513,Default]

      [14:12:16,523,Default] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)

      [14:12:16,523,Default]

      [14:12:16,523,Default] at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)

      [14:12:16,523,Default]

      [14:12:16,523,Default] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)

      [14:12:16,523,Default]

      [14:12:16,523,Default] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)

      [14:12:16,523,Default]

      [14:12:16,523,Default] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163)

      [14:12:16,533,Default]

      [14:12:16,533,Default] at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)

      [14:12:16,533,Default]

      [14:12:16,533,Default] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)

      [14:12:16,533,Default]

      [14:12:16,533,Default] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)

      [14:12:16,533,Default]

      [14:12:16,533,Default] at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1011)

      [14:12:16,533,Default]

      [14:12:16,533,Default] at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106)

      [14:12:16,543,Default]

      [14:12:16,543,Default] at java.lang.Thread.run(Thread.java:484)

      It looks like the principal is not propagated from the web container to the EJB container. If we try to use new InitialContext(), we get an error stating that no valid provider URL was set. Can anybody explain whether we are doing something wrong, or does anybody have a solution?

      Thanks,
      Koen Lesterhuis

      web.xml:

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
      <web-app>
      <!-- NOTE(review): as posted, this listing appears to have lost some element tags (the wrappers
           around servlet-name and taglib-uri, the tags around the description texts, and the tags
           around the two class names in ejb-ref). Read it as an excerpt, not a deployable descriptor. -->

      <servlet-name>action</servlet-name>
      <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
      <init-param>
      <param-name>application</param-name>
      <param-value>com.pinkroccade.forumdossier..view.ApplicationResources</param-value>
      </init-param>
      <init-param>
      <param-name>config</param-name>
      <param-value>/WEB-INF/struts-config.xml</param-value>
      </init-param>
      <init-param>
      <param-name>debug</param-name>
      <param-value>2</param-value>
      </init-param>
      <init-param>
      <param-name>detail</param-name>
      <param-value>2</param-value>
      </init-param>
      <init-param>
      <param-name>validate</param-name>
      <param-value>true</param-value>
      </init-param>
      <load-on-startup>2</load-on-startup>

      <!-- The Struts action servlet is mapped to *.do. The only security-constraint in this listing
           uses url-pattern *.jsp, so requests to *.do are not covered by it unless another
           constraint exists outside this excerpt. -->
      <servlet-mapping>
      <servlet-name>action</servlet-name>
      <url-pattern>*.do</url-pattern>
      </servlet-mapping>

      <taglib-uri>/WEB-INF/app.tld</taglib-uri>
      <taglib-location>/WEB-INF/app.tld</taglib-location>


      <taglib-uri>/WEB-INF/struts-bean.tld</taglib-uri>
      <taglib-location>/WEB-INF/struts-bean.tld</taglib-location>


      <taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
      <taglib-location>/WEB-INF/struts-html.tld</taglib-location>


      <taglib-uri>/WEB-INF/struts-logic.tld</taglib-uri>
      <taglib-location>/WEB-INF/struts-logic.tld</taglib-location>

      <security-constraint>
      <display-name>ForumDossier Authenticatie Security</display-name>
      <web-resource-collection>
      <web-resource-name>forumDossier</web-resource-name>
      Protect all ForumDossier Pages
      <url-pattern>*.jsp</url-pattern>
      <!-- Listing http-method elements limits the constraint to exactly these methods; a request
           using any method not listed here is not subject to the auth-constraint. Omitting every
           http-method element makes the constraint apply to all methods. -->
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      <http-method>HEAD</http-method>
      </web-resource-collection>
      <auth-constraint>
      ForumDossier Roles
      <role-name>ForumDossierUser</role-name>
      </auth-constraint>
      <user-data-constraint>
      <!-- NONE places no requirement on the transport. Combined with BASIC authentication below,
           the password travels base64-encoded (not encrypted) in the Authorization header of every
           request. CONFIDENTIAL makes the container require a protected transport. -->
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>
      <login-config>
      <!-- NOTE(review): auth-method is BASIC here, while the accompanying post describes a form
           login page; confirm that this is the descriptor actually deployed. -->
      <auth-method>BASIC</auth-method>
      <realm-name>forumDossier</realm-name>
      </login-config>
      <security-role>
      ForumDossierUser Role
      <role-name>ForumDossierUser</role-name>
      </security-role>
      <ejb-ref>
      <ejb-ref-name>ejb/FdAutorisatieManagerSB</ejb-ref-name>
      <ejb-ref-type>Session</ejb-ref-type>
      com.pinkroccade.forumdossier.logic.autorisatie.FdAutorisatieManagerSBHome
      com.pinkroccade.forumdossier.logic.autorisatieFdAutorisatieManagerSBRemote
      </ejb-ref>
      </web-app>

      jboss.xml:

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE jboss PUBLIC '-//JBoss//DTD JBOSS 2.4//EN' 'http://www.jboss.org/j2ee/dtd/jboss_2_4.dtd'>

      <!-- EJB-side security domain. The value java:/jaas/forumDossier is the same one that
           jboss-web.xml names for the web application, so both tiers refer to one JAAS domain.
           NOTE(review): the root element and the wrapper around ejb-name appear to have been
           lost when the listing was posted. -->
      <security-domain>java:/jaas/forumDossier</security-domain>
      <enterprise-beans>

      <ejb-name>FdAutorisatieManagerSB</ejb-name>
      <jndi-name>ejb/FdAutorisatieManagerSB</jndi-name>
      <ejb-ref>
      <ejb-ref-name>ejb/FdGebruikerSB</ejb-ref-name>
      <jndi-name>FdGebruikerSB</jndi-name>
      </ejb-ref>

      </enterprise-beans>


      jboss-web.xml:

      <?xml version="1.0" encoding="UTF-8"?>

      <jboss-web>
      <!-- Web-side security domain; same value as the security-domain in jboss.xml.
           NOTE(review): naming the same domain on both tiers means both check credentials against
           the same login configuration. It does not by itself show that the caller authenticated
           by the web container is attached to outgoing EJB invocations, which is the step the
           "principal=null" failure in this thread concerns. -->
      <security-domain>java:/jaas/forumDossier</security-domain>
      <!-- Binds the web application's ejb-ref name to the global JNDI name of the session bean. -->
      <ejb-ref>
      <ejb-ref-name>ejb/FdAutorisatieManagerSB</ejb-ref-name>
      <jndi-name>ejb/FdAutorisatieManagerSB</jndi-name>
      </ejb-ref>
      </jboss-web>

      KoensBean.java:

      package com.pinkroccade.forumdossier.view;

      import java.io.IOException;
      import java.util.*;
      import javax.naming.*;
      import javax.rmi.PortableRemoteObject;
      import javax.servlet.http.*;
      import javax.servlet.jsp.*;
      import javax.servlet.jsp.tagext.*;
      import javax.servlet.ServletException;
      import com.pinkroccade.forumdossier.common.*;
      import com.pinkroccade.forumdossier.logic.autorisatie.*;
      import com.pinkroccade.forumdossier.view.exceptions.*;
      import com.pinkroccade.forumdossier.view.model.bean.*;
      import com.pinkroccade.forumdossier.view.model.navigatie.*;
      import com.pinkroccade.forumdossier.view.model.navigatie.data.*;
      import com.pinkroccade.omentree.*;

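      /**
       * JavaBean used from a JSP page to reach the FdAutorisatieManagerSB session bean.
       *
       * <p>As posted, the class looks up the bean's home interface through an explicitly
       * configured JNDI context and calls {@code create()} on it. Failures are printed to
       * standard error and otherwise swallowed; no method here throws to the JSP.
       *
       * <p>NOTE(review): nothing in this class supplies a caller identity. Whether the
       * session bean sees the user authenticated by the web container depends entirely on
       * the server attaching that identity to the invocation. Do not work around a
       * {@code principal=null} rejection by hard-coding an account in this bean: every web
       * user would then reach the session bean under one shared identity.
       */
      public class KoensBean {
          // NOTE(review): INIT, APPLICATIE_INITIALISEERD and GESELECTEERDE_CLNT are public and
          // non-final, so any class may reassign them. They are left as posted because code
          // outside this excerpt may rely on that.
          public static String INIT = "init";
          public static boolean APPLICATIE_INITIALISEERD = false;
          public static final String PRINT_GEBR_NAAM = "toonGebruikersNaam";
          public static final String CLIENT_HISTORY = "clientHistory";
          public static String GESELECTEERDE_CLNT = "clntId";
          private String action = "";
          private FdGebruikerBean gebruiker;
          private FdSiteStatusBean siteStatus;
          private FdClientBean huidigeClient;
          private int geselecteerdeReqClient = 0;

          /**
           * Initialises the user bean in the session.
           *
           * <p>In this excerpt the method only obtains the FdAutorisatieManagerSB home
           * interface and calls {@code create()} on it. Any exception, including a
           * security rejection from the EJB container, is printed and not rethrown.
           */
          public void initGebruiker () {
              try {
                  FdAutorisatieManagerSBHome fdAutorisatieManagerSBHome =
                          (FdAutorisatieManagerSBHome) getSBInstance(
                                  FdJNDINamesInterface.FDAUTORISATIEMANAGERSB,
                                  FdAutorisatieManagerSBHome.class);
                  if (fdAutorisatieManagerSBHome == null) {
                      // getSBInstance returns null after printing the lookup failure; stop here
                      // with a clear message instead of failing with a NullPointerException.
                      System.err.println("KoensBean.initGebruiker: home interface lookup failed for "
                              + FdJNDINamesInterface.FDAUTORISATIEMANAGERSB);
                      return;
                  }
                  // This is the call the EJB container authenticates and authorises.
                  FdAutorisatieManagerSBRemote autorisatieManager = fdAutorisatieManagerSBHome.create();
              } catch (Exception e) {
                  e.printStackTrace();
              }
          }

          /**
           * Builds a JNDI context for the JBoss naming service.
           *
           * <p>The environment holds only the provider URL and the initial context factory.
           * No principal or credentials are placed in it.
           *
           * @return a new context; the caller is responsible for closing it
           * @throws Exception if the context cannot be created
           */
          protected InitialContext getJBossInitialContext() throws Exception {
              java.util.Hashtable JNDIParm = new java.util.Hashtable();
              // NOTE(review): the provider URL is hard-coded; presumably it is the naming
              // service of the same server that hosts the web application (confirm).
              JNDIParm.put(Context.PROVIDER_URL, "localhost");
              JNDIParm.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
              return new InitialContext(JNDIParm);
          }

          /**
           * Looks up {@code jndiName} and narrows the result to {@code jndiClass}.
           *
           * @param jndiName  JNDI name to look up
           * @param jndiClass type the looked-up reference is narrowed to
           * @return the narrowed reference, or {@code null} if context creation, lookup or
           *         narrowing failed (the exception is printed, not rethrown)
           */
          protected Object getSBInstance(String jndiName, Class jndiClass) {
              InitialContext ctx = null;
              try {
                  ctx = getJBossInitialContext();
                  Object ref = ctx.lookup(jndiName);
                  return PortableRemoteObject.narrow(ref, jndiClass);
              }
              catch(Exception e) {
                  e.printStackTrace();
                  return null;
              }
              finally {
                  // Release the naming context on every path; the original never closed it.
                  if (ctx != null) {
                      try {
                          ctx.close();
                      } catch (NamingException ignored) {
                          // Closing is best-effort; the lookup result is already decided.
                      }
                  }
              }
          }

      }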