2 Replies Latest reply on Jul 23, 2002 9:25 AM by jameschaingchen

Custom SecurityProxy

jameschaingchen Jul 22, 2002 12:07 PM

Hi,

I am trying to write a custom SecurityProxy by following the example illustrated by the following article:

http://www.javaworld.com/javaworld/jw-02-2002/jw-0215-ejbsecurity_p.html

Instead of protecting an entity bean, my custom SecurityProxy is used to protect a session bean, i.e., as shown in jboss.xml,

<enterprise-beans>

<ejb-name>Interest</ejb-name>
<security-proxy>com.test.secureejb.ejb.InterestSecurityProxy</security-proxy>
<jndi-name>ejb/Interest</jndi-name>

</enterprise-beans>

I use the sample TradingAccountSecurityProxy.java code as a template for the InterestSecurityProxy.java. I then modify the proxy code to refect the correct parameters and security logics for the InterestBean. Then, I test the code and get the following error message.

[INFO,InterestSecurityProxy] setEJBContext null
[ERROR,Interest] CONTAINER EXCEPTION:
java.lang.NullPointerException
at com.test.secureejb.ejb.InterestSecurityProxy.invokeHome(Unknown Source)
at org.jboss.ejb.plugins.SecurityProxyInterceptor.invokeHome(SecurityProxyInterceptor.java:129)
at org.jboss.ejb.plugins.TxInterceptorBMT.invokeHome(TxInterceptorBMT.java:230)
at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invokeHome(StatelessSessionInstanceInterceptor.java:66)
at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:102)
at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:103)
at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:268)
at org.jboss.ejb.plugins.jrmp.server.JRMPContainerInvoker.invokeHome(JRMPContainerInvoker.java:456)
at org.jboss.ejb.plugins.jrmp.interfaces.HomeProxy.invokeHome(HomeProxy.java:237)
at org.jboss.ejb.plugins.jrmp.interfaces.HomeProxy.invoke(HomeProxy.java:182)
at $Proxy12.create(Unknown Source)
at com.test.secureejb.web.restricted.InterestServlet.doPost(InterestServlet.java:143)
at com.test.secureejb.web.restricted.InterestServlet.doGet(InterestServlet.java:166)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:405)
at org.apache.tomcat.core.Handler.service(Handler.java:287)
at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:812)
at org.apache.tomcat.core.ContextManager.service(ContextManager.java:758)
at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:213)
at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
at java.lang.Thread.run(Unknown Source)

I just wonder whether I should add anything to the setSessionContext method in the InterestBean.java.

Please advice. Thanks!

James

1. Re: Custom SecurityProxy

jameschaingchen Jul 22, 2002 2:02 PM (in response to jameschaingchen)

Can SecurityProxy be applied to session beans?
Actions
2. Re: Custom SecurityProxy

jameschaingchen Jul 23, 2002 9:25 AM (in response to jameschaingchen)

I think that the SecurityProxy can be applied to session beans.

I have found a solution for the problem that I posted. The way is to comment out the EJBContext line in the invokeHome method of the InterestSecurityProxy.java code,i.e.,

public void invokeHome(Method m, Object[] args) throws SecurityException {

//EJBContext ctx = (EJBContext)_ctx.get();
}

Although I have a solution, I don't have an explanation. I don't know why the ctx in the invokeHome has a null value when a session bean is used and why the ctx has a value when a entity bean is used. Can someone help me? Thanks!
Actions

Go to original post