1 Reply Latest reply on Oct 25, 2003 1:49 PM by bytemaster

    Security problem when calling a session bean from a message

      Hi,

      I've got problems accession a session ejb from a message bean. The session bean has a security context and is accessible from other session beans without any problem.
      At my message bean config in ejb-jar.xml I added

      <security-identity>
      <run-as>
      <role-name>Role</role-name>
      </run-as>
      </security-identity>

      which is the correct role for the session bean which should be called. Every time where I try to access the session bean I get

      java.lang.SecurityException: Authentication exception, principal=null
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:164)
      at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:81)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
      at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
      at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:319)
      at org.jboss.ejb.Container.invoke(Container.java:720)
      at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
      at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:101)
      at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:90)
      at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
      at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:45)
      at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
      at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
      at $Proxy52.create(Unknown Source)

      As a workaround I added a client authentication (with LoginContext etc.) to the message bean. This is working.
      Why the run-as section does not set the security context correctly? I thought that the reason for setting the security-identity at message beans is, that there is no other way to get the caller identity at the onMessage method. So I expected that setting the security-identity at the deployment descriptor would set the identity for me but this don't work.

      best regards,

      Guido

        • 1. Re: Security problem when calling a session bean from a mess
          bytemaster

          Hi,

          my engish isn't good, but I hope do you understand.

          You can't calling a session bean from a message driven bean with activated security realm.
          Only the caller roles will to bequest, when you to call a message driven bean from a session bean.

          Do you can to call a session bean with extern or local remote interface and then you can to call a message driven bean from a session bean after. This is the only way with activated security ( JAAS ) in EJB 2.0 Spezification.