4 Replies Latest reply on May 11, 2003 4:48 AM by adrian.brock

    calling EJB from handleNotification in timer listener

    ittay
    ittay May 8, 2003 8:40 AM

      Hello,

      I have a regular class implementing the NotificationListener interface, a session bean send a message to a message driven bean which in turn adds a notification to the timer. when the listener is called by the timer, it tries to call on another session bean (actually, it tries to create an instance of it), but fails with the exception:

      javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
      Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[User], principalRoles=[]
      at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:346)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:124)
      at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
      at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:310)
      at org.jboss.ejb.Container.invoke(Container.java:694)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:549)
      at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:101)
      at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:88)
      at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:77)
      at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:80)
      at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:175)
      at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:82)
      at $Proxy243.create(Unknown Source)


      all this happens within the save VM, but the session beans have remote interfaces only. the session bean that starts the whole process is called from the outside (by a unit test), and there the security is just fine (the unit tests does a login()).

      please help, but be gentle, i'm a newbie,
      thanx,
      ittay

      • 2201 Views
      • Tags:
        • 1. Re: calling EJB from handleNotification in timer listener
          bstansberry May 8, 2003 6:15 PM (in response to ittay)

          I'm pretty sure your problem is that your timer thread has no security credentials associated with it.

          When you authenticate to JBoss, its JaasSecurityManager associates your security credentials (Subject) with the current thread. Thereafter, when access permission checks are made it checks to be sure the Subject is associated with the calling thread.

          In your situation, the thread that is trying to create the final session bean is the timer thread, not the thread you logged on with.

          If you need the timer involved, off the top of my head, I'm not sure what to advise you to do; maybe someone else has some ideas?

          Best,
          Brian

            • Actions
          • 2. Re: calling EJB from handleNotification in timer listener
            adrian.brock May 8, 2003 7:16 PM (in response to ittay)

            You have to do a JAAS login,
            the timer thread doesn't have the security information.

            Something like:

            import javax.security.auth.auth.login.*;

            LoginContext ctx = new LoginContext("client-login", handler);
            ctx.login();
            try
            {
            // do work
            }
            finally
            {
            ctx.logout();
            }

            The handler is a JAAS callback, you could use
            the jboss one:
            handler = new org.jboss.security.auth.callback.UsernamePasswordCallbackHandler(user, password.toCharArray());

            Regards,
            Adrian

              • Actions
            • 3. Re: calling EJB from handleNotification in timer listener
              ittay
              ittay May 9, 2003 10:00 AM (in response to ittay)

              thanx for your help,

              my problem is that while inside the system i don't have the username/password information available. is there a way of preregistering all threads (or at least the timer thread) when logging in to the system?

              thank you,
              ittay

              p.s., i can, of course, create some user and password that will always be valid, but woldn't that create a backdoor for the outside world? i.e., if i create a user-password pair, e.g., "jboss", "jboss", wouldn't it be possible to use it to login to the system from the outside (web)?

                • Actions
              • 4. Re: calling EJB from handleNotification in timer listener
                adrian.brock May 11, 2003 4:48 AM (in response to ittay)

                Only if you tell them the password.

                The timer uses a threadpool so it is not really
                possible to control who gets those threads.

                Regards,
                Adrian

                  • Actions