Security problem when calling a session bean from a message
gbeutler Oct 21, 2003 9:52 AMHi,
I've got problems accession a session ejb from a message bean. The session bean has a security context and is accessible from other session beans without any problem.
At my message bean config in ejb-jar.xml I added
<security-identity>
<run-as>
<role-name>Role</role-name>
</run-as>
</security-identity>
which is the correct role for the session bean which should be called. Every time where I try to access the session bean I get
java.lang.SecurityException: Authentication exception, principal=null
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:164)
at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:81)
at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:319)
at org.jboss.ejb.Container.invoke(Container.java:720)
at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:101)
at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:90)
at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:45)
at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
at $Proxy52.create(Unknown Source)
As a workaround I added a client authentication (with LoginContext etc.) to the message bean. This is working.
Why the run-as section does not set the security context correctly? I thought that the reason for setting the security-identity at message beans is, that there is no other way to get the caller identity at the onMessage method. So I expected that setting the security-identity at the deployment descriptor would set the identity for me but this don't work.
best regards,
Guido